wpa_supplicant using EAP-TTLS problem

王奕元 dadai.cm91 at gmail.com
Thu Nov 8 10:50:15 EST 2007


Thanks both of you!!

But....
I meet another question  >"<
I'm so stupid....

Following is my step:
[at RADIUS SERVER]
# openssl genrsa 1024 > host.key
# openssl req  -new -x509 -nodes -days 1000 -key host.key > host.cert
Then, I fill my information.
# copy host.cert /usr/local/etc/raddb/certs/demoCA/capert.pem

[at host]
I copy the host.cert from RADIUS SERVER.
# cp host.cert /etc/certs/ca.pem
# wpa_supplicant -i ath0 -c eap-ttls.conf

Then, the screen shows error message:
TLS: Certificate verification failed, error 20 (unable to get local issuer
certificate) depth 0 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=root
certificate/emailAddress=root at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

I had checked my certificates by "openssl verify -issuer_checks ca.pem",
both RADIUS SERVER and host have the same result.
The result is:
ca.pem:
/C=TW/ST=Taiwan/L=Chiayi/O=CN/CN=dadai/emailAddress=testuser at example.org
error 18 at 0 depth lookup:self signed certificate
OK

Are there any other steps I missed?
Or there are still some steps I have to do?

Well,
if you have meet this problem and deal with it,
please tell me how to do.

Regard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20071108/3651f041/attachment.htm 


More information about the HostAP mailing list