Microsoft: Certificate Authentication
Fernando Calvelo Vazquez
fernando.calvelo at esrf.fr
Thu Dec 3 09:17:39 CET 2009
>> - 2nd... What is wrong in my configuration? I can not distinguish, at
>> the moment, which is the entry at logs that I should focus.
>> [tls] <<< TLS 1.0 Handshake [length 036f], Certificate
>> --> verify error:num=20:unable to get local issuer certificate
>> [tls] >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>> TLS Alert write:fatal:unknown CA
> If you had followed the howto guide and done:
> In the list of trusted root CAs, check only the CA that corresponds to the
> certificate you have generated
> error wouldn't happen. You most likely haven't imported you self-signed
> root CA onto the client.
> Ivan Kalik
Yes, I have done it.
I have imported my "ca.der" as is showed on the howto guide.
As well I have tested with and without checking "validate server
certificate" box. (when is selected, only the CA that correspond to my
certificate is crossed)
In both cases (with and without "validate server certificate" box) I get
the same message.
More information about the Freeradius-Users