<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Bringing this back, the main question I have is why do our users need to Trust a certificate when connecting to our Radius Wifi but they don't need to Trust a certificate when connecting to most other WiFi services out there. Why is there a difference?</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div></div>
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<div style="font-family:Tahoma; font-size:13px">---
<div><span id="ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications & Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>
<div><span id="ms-rterangepaste-end"></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen <hvn@open.com.au><br>
<b>Sent:</b> Wednesday, June 2, 2021 2:33 PM<br>
<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>
<b>Subject:</b> Re: [RADIATOR] Certificate Not Trusted - InCommon?</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText"><br>
<br>
On 2.6.2021 21.37, Ullfig, Roberto Alfredo wrote:<br>
> trying to use EAPTLS_CertificateChainFile does not work - we are running <br>
> 4.16 - these errors appear when a user attempts to connect:<br>
> <br>
> Wed Jun  2 13:32:22 2021: ERR: TLS could not load_verify_locations , : <br>
<br>
I think this means that EAPTLS_CAFile and EAPTLS_CAPath are both undefined.<br>
<br>
The optional configuration changes I mentioned only work with Radiator <br>
4.20 or later. There you can leave the both unset when <br>
EAPTLS_NoClientCert is also set.<br>
<br>
You can leave EAPTLS_CAFile as it was while setting <br>
EAPTLS_CertificateChainFile. The chain file has all certificates <br>
(Radiator's and intermediate CAs) the client requires and EAPTLS_CAFile <br>
remains unused because client certificates are not used. Note: this <br>
assumes EAP-TLS is not used. With EAP-TLS client certificate settings <br>
are required as usual.<br>
<br>
>   16422: 1 - error:25066067:DSO support routines:DLFCN_LOAD:could not <br>
> load the shared library<br>
>   16422: 2 - error:25070067:DSO support routines:DSO_load:could not load <br>
> the shared library<br>
>   16422: 3 - error:260B6084:engine routines:DYNAMIC_LOAD:dso not found<br>
>   16422: 4 - error:2606A074:engine routines:ENGINE_by_id:no such engine<br>
<br>
The above show the errors that are caused by not being able to load CA <br>
file or path.<br>
<br>
Thanks,<br>
Heikki<br>
<br>
<br>
-- <br>
Heikki Vatiainen <hvn@open.com.au><br>
<br>
Radiator: the most portable, flexible and configurable RADIUS server<br>
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,<br>
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,<br>
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.<br>
_______________________________________________<br>
radiator mailing list<br>
radiator@lists.open.com.au<br>
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7Cee9b5689301b494d43bd08d925fda320%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637582593563865963%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=QkgPwsofxnpbbXy9nMjLPS%2Bqp%2FiWbyEbvLCShiNQRUM%3D&amp;reserved=0">https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7Cee9b5689301b494d43bd08d925fda320%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637582593563865963%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=QkgPwsofxnpbbXy9nMjLPS%2Bqp%2FiWbyEbvLCShiNQRUM%3D&amp;reserved=0</a><br>
</div>
</span></font></div>
</body>
</html>