<div>Thanks both of you!!</div>
<div> </div>
<div>But....</div>
<div>I meet another question >"<</div>
<div>I'm so stupid....</div>
<div> </div>
<div>Following is my step:</div>
<div>[at RADIUS SERVER]</div>
<div># openssl genrsa 1024 > host.key</div>
<div># openssl req -new -x509 -nodes -days 1000 -key host.key > host.cert</div>
<div>Then, I fill my information.</div>
<div># copy host.cert /usr/local/etc/raddb/certs/demoCA/capert.pem</div>
<div> </div>
<div>[at host]</div>
<div>I copy the host.cert from RADIUS SERVER.</div>
<div># cp host.cert /etc/certs/ca.pem</div>
<div># wpa_supplicant -i ath0 -c eap-ttls.conf</div>
<div> </div>
<div>Then, the screen shows error message:</div>
<div>TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 0 for '/C=CA/ST=Province/L=Some City/O=Organization/OU=localhost/CN=root <a href="mailto:certificate/emailAddress=root@example.com'">
certificate/emailAddress=root@example.com'</a></div>
<div>SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA</div>
<div>OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed</div>
<div>CTRL-EVENT-EAP-FAILURE EAP authentication failed</div>
<div> </div>
<div>I had checked my certificates by "openssl verify -issuer_checks ca.pem",</div>
<div>both RADIUS SERVER and host have the same result.</div>
<div>The result is:</div>
<div>ca.pem: <a>/C=TW/ST=Taiwan/L=Chiayi/O=CN/CN=dadai/emailAddress=testuser@example.org</a></div>
<div>error 18 at 0 depth lookup:self signed certificate</div>
<div>OK</div>
<div> </div>
<div>Are there any other steps I missed?</div>
<div>Or there are still some steps I have to do?</div>
<div> </div>
<div>Well, </div>
<div>if you have meet this problem and deal with it,</div>
<div>please tell me how to do.</div>
<div> </div>
<div>Regard.</div>