[RADIATOR] Certificate Not Trusted - InCommon?
Ullfig, Roberto Alfredo
rullfig at uic.edu
Wed Sep 8 16:48:48 UTC 2021
Bringing this back, the main question I have is why do our users need to Trust a certificate when connecting to our Radius Wifi but they don't need to Trust a certificate when connecting to most other WiFi services out there. Why is there a difference?
Roberto Ullfig - rullfig at uic.edu
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
From: radiator <radiator-bounces at lists.open.com.au> on behalf of Heikki Vatiainen <hvn at open.com.au>
Sent: Wednesday, June 2, 2021 2:33 PM
To: radiator at lists.open.com.au <radiator at lists.open.com.au>
Subject: Re: [RADIATOR] Certificate Not Trusted - InCommon?
On 2.6.2021 21.37, Ullfig, Roberto Alfredo wrote:
> trying to use EAPTLS_CertificateChainFile does not work - we are running
> 4.16 - these errors appear when a user attempts to connect:
> Wed Jun 2 13:32:22 2021: ERR: TLS could not load_verify_locations , :
I think this means that EAPTLS_CAFile and EAPTLS_CAPath are both undefined.
The optional configuration changes I mentioned only work with Radiator
4.20 or later. There you can leave them both unset when
EAPTLS_NoClientCert is also set.
You can leave EAPTLS_CAFile as it was while setting
EAPTLS_CertificateChainFile. The chain file has all certificates
(Radiator's and intermediate CAs) the client requires and EAPTLS_CAFile
remains unused because client certificates are not used. Note: this
assumes EAP-TLS is not used. With EAP-TLS client certificate settings
are required as usual.
> 16422: 1 - error:25066067:DSO support routines:DLFCN_LOAD:could not
> load the shared library
> 16422: 2 - error:25070067:DSO support routines:DSO_load:could not load
> the shared library
> 16422: 3 - error:260B6084:engine routines:DYNAMIC_LOAD:dso not found
> 16422: 4 - error:2606A074:engine routines:ENGINE_by_id:no such engine
The above show the errors that are caused by not being able to load the
CA file or path.
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
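Added example (not part of the thread and not Radiator code): a shell check that a PEM file meant for EAPTLS_CertificateChainFile holds the server certificate first and then each issuing CA, which is the order OpenSSL expects in a chain file. It assumes the openssl command is on PATH; the function names, the radius.example.test name and the generated certificates are constructed for illustration, and only issuer/subject names are compared, not signatures.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: check certificate order in a PEM chain file.
# name_of FILE subject|issuer: print that name from the certificate in FILE.
name_of() {
  local line
  line=$(openssl x509 -noout "-$2" -nameopt RFC2253 -in "$1" 2>/dev/null) || return 1
  printf '%s\n' "${line#*=}"
}

# check_chain FILE: succeed only if FILE starts with the server certificate and
# each certificate is followed by the certificate of the CA that issued it.
check_chain() {
  local dir n i=1 rc=0
  [ -r "$1" ] || { echo "cannot read $1"; return 2; }
  dir=$(mktemp -d) || return 2
  # Split the bundle into cert1.pem, cert2.pem, ... keeping file order.
  awk -v d="$dir" '/BEGIN CERTIFICATE/ {n++} n {print > (d "/cert" n ".pem")}' "$1"
  n=$(grep -c 'BEGIN CERTIFICATE' "$1" || true)
  if [ "$n" -lt 1 ]; then
    echo "no certificates in $1"; rc=1
  elif [ "$(name_of "$dir/cert1.pem" subject)" = "$(name_of "$dir/cert1.pem" issuer)" ]; then
    echo "cert1 is self-issued: a CA certificate, not the server certificate"; rc=1
  fi
  while [ "$rc" -eq 0 ] && [ "$i" -lt "$n" ]; do
    [ "$(name_of "$dir/cert$i.pem" issuer)" = "$(name_of "$dir/cert$((i + 1)).pem" subject)" ] ||
      { echo "cert$i was not issued by cert$((i + 1))"; rc=1; }
    i=$((i + 1))
  done
  [ "$rc" -eq 0 ] && echo "ok: $n certificates, server certificate first"
  rm -rf "$dir"; return "$rc"
}

# issue NAME CN CA: constructed key and certificate NAME.pem for CN, signed with CA.key.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -set_serial 1 -days 2 -out "$1.pem" 2>/dev/null
}

# make_sample_pki DIR: constructed root, intermediate and server certificates in DIR.
make_sample_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Constructed Root CA' \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    issue "$1/int" 'Constructed Intermediate CA' "$1/root" &&
    issue "$1/server" 'radius.example.test' "$1/int"
}

# Demo on constructed certificates: server certificate first, then the intermediate CA.
demo=$(mktemp -d) && make_sample_pki "$demo" && cat "$demo/server.pem" "$demo/int.pem" > "$demo/chain.pem"
check_chain "$demo/chain.pem"
```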