EAP-TLS problem

Bryan Kadzban bryan at kadzban.is-a-geek.net
Tue Jun 12 07:06:09 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

shantanu choudhary wrote:
> SSL: TLS Message Length: 1950
> TLS: Certificate verification failed, error 19 (self signed certificate
> in certificate chain) depth 1 ...

Well there's the error message: "self-signed certificate in certificate
chain".  I assume this tells you what's wrong, but because I don't know
how your certs are set up, it doesn't tell me.  I'm guessing that either
your root cert isn't trusted (and you would therefore need to use the
wpa_supplicant.conf ca_cert option), or you never configured your RADIUS
server to use a cert that's actually signed by an upper-level CA (and
it's therefore using some kind of test cert, which is signed by itself,
and which openssl doesn't like).

Depending on which of the above two it is, you'd have to either switch
the certs that your RADIUS server is using, or modify your
wpa_supplicant config file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGbn4cS5vET1Wea5wRA0fpAJ41oNJ75Vfa5OWML5m9bfYLnhpBXQCeO8qZ
pHZ2nqO/OHCUUWZkROXeegw=
=5jPq
-----END PGP SIGNATURE-----



More information about the HostAP mailing list