hostapd + freeradius: unknown ca error
j at w1.fi
Sun Jan 12 10:41:12 EST 2014
On Sun, Jan 12, 2014 at 04:37:36PM +0100, Svein Olav Bjerkeset wrote:
> However when hostapd contacts the radius server, it uses EAP-TLS, and after
> some traffic back and forth, hostapd sends a fatal error back to the radius
> server stating that the CA is unknown.
That's not originating from hostapd/Authenticator. It is from the
station/supplicant that runs the EAP peer. hostapd is just proxying the
messages between the authentication server and the station in this type
> An strace of open and stat system calls for the hostpad process seems to
> show that it does not try to open any file which are SSL-releated.
Which is expected since those operations happen at the stations.
> How can I tell hostapd which CAs to trust when using an external radius
You don't; you tell the EAP peer on the station that.
Jouni Malinen PGP id EFC895FA
More information about the HostAP