wpa_supplicant using EAP-TTLS problem

Mr. Maloomnahi maloomnahi at indiatimes.com
Thu Nov 8 05:02:33 EST 2007


Hi,

Try using the information available here

http://www.akadia.com/services/ssh_test_certificate.html
I am using this: http://sial.org/howto/openssl/self-signed/
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
http://articles.techrepublic.com.com/5100-1035-6148560.html

Regards
PPN

----- Original Message -----
From: 王奕元 <dadai.cm91 at gmail.com>
To: hostap at shmoo.com
Sent: Thu, 8 Nov 2007 12:48:55 +0530 (IST)
Subject: wpa_supplicant using EAP-TTLS problem

As you say,
I don't have a CA file.
What should I do if I use EAP-TTLS authentication?
Now I'm blocked by the ca.pem problem.

I have tried four methods.
First,
I just created the /etc/certs directory, without ca.pem in it.
The result is:
 OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:2006D080:BIO routines:BIO_new_file:no such
file
OpenSSL: pending error: error:0B084002: x509 certificate
routines:X509_load_cert_crl_file:system lib
OpenSSL: tls_load_ca_der - Failed load CA in DER format
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:20074002:BIO routines:FILE_CTRL:system lib
OpenSSL: pending error: error:0B06F002:x509 certificate
routines:X509_load_cert_file:system lib
TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Second,
I created an empty file named ca.pem and placed it in /etc/certs/.
The result is:
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:00000000:lib(0):func(0):reason(0)
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D07207B:asn1
encoding routines:ASN1_get_object:header too long
OpenSSL: pending error: error:0B06F00D:x509 certificate
routines:X509_load_cert_file:ASN1 lib
 TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Third,
I copied the /usr/share/doc/perl-IO-Socket-SSL-1.01/certs/my-ca.pem to
/etc/certs/
and the result is:
TLS: Certificate verification failed. error 19 (self signed certificate in
certificate chain) depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Fourth,
I copied the RADIUS Server's certs/demoCA/cacert.pem, and placed it in my
host's /etc/certs
and the result is:
TLS: Certificate verification failed, error 10 (certificate has expired)
depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:certificate
expired
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed
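
The four failures in the quoted message have distinct ca_cert causes. As an added example (not part of either post and not wpa_supplicant code), this Python sketch classifies them from the debug output; the function name, cause labels and advice strings are assumptions, the sample lines are copied from the post with the certificate subject shortened, and verify codes 9, 18 and 20 go beyond the two codes the post shows.

```python
import re

# OpenSSL X509 verify codes as printed by wpa_supplicant. 10 and 19 appear in
# the post; 9, 18 and 20 are added here as closely related cases.
VERIFY_ADVICE = {
    9: "not yet valid: check the client clock",
    10: "expired: reissue the certificate or check the client clock",
    18: "self-signed server certificate that is not in ca_cert",
    19: "chain ends in a self-signed root that is not in ca_cert (wrong CA file)",
    20: "issuer not found in ca_cert (wrong or incomplete CA file)",
}
VERIFY_RE = re.compile(r"Certificate verification failed[.,] error (\d+) \(.*?\) depth (\d+)")

def diagnose(log_text):
    """Return (cause, detail) tuples for ca_cert problems found in a debug log."""
    text = " ".join(log_text.split())  # undo mail/terminal line wrapping
    findings = []
    if "Failed to load root certificates" in text:
        if "No such file" in text:
            findings.append(("ca_cert_missing", "the ca_cert path does not exist"))
        else:
            findings.append(("ca_cert_unparsable", "file is empty or not a PEM/DER certificate"))
    for code, depth in VERIFY_RE.findall(text):
        code, depth = int(code), int(depth)
        # depth 0 is the RADIUS server certificate, higher depths are its issuers
        subject = "server certificate" if depth == 0 else f"CA certificate at depth {depth}"
        advice = VERIFY_ADVICE.get(code, "see the openssl verify documentation")
        findings.append((f"verify_error_{code}", f"{subject}: {advice}"))
    return findings

# Sample input: lines copied from the four attempts in the post above.
ATTEMPTS = {
    "no file": """OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:02001002:system library:fopen:No such file or directory""",
    "empty file": """OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:00000000:lib(0):func(0):reason(0)""",
    "unrelated CA": """TLS: Certificate verification failed. error 19 (self signed certificate in
certificate chain) depth 1 for '/C=CA/ST=Province'""",
    "server demoCA": """TLS: Certificate verification failed, error 10 (certificate has expired)
depth 1 for '/C=CA/ST=Province'""",
}

if __name__ == "__main__":
    for name, log in ATTEMPTS.items():
        print(name, "->", diagnose(log))
```

Both verify failures are the supplicant correctly rejecting a server chain it cannot validate, so the remedy is a current CA certificate from the RADIUS server's issuer rather than removing ca_cert.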

