wpa_supplicant using EAP-TTLS problem

Mr. Maloomnahi maloomnahi
Thu Nov 8 02:02:33 PST 2007


Hi,

Try using the information available here

http://www.akadia.com/services/ssh_test_certificate.html
I am using this: http://sial.org/howto/openssl/self-signed/
http://www.dylanbeattie.net/docs/openssl_iis_ssl_howto.html
http://articles.techrepublic.com.com/5100-1035-6148560.html

Regards
PPN

----- Original Message -----
From: ??? <dadai.cm91 at gmail.com>
To: hostap at shmoo.com
Sent: Thu, 8 Nov 2007 12:48:55 +0530 (IST)
Subject: wpa_supplicant using EAP-TTLS problem

As you say,
I don't have a CA file.
What should I do if I use EAP-TTLS authentication?
Now I'm blocked by the ca.pem problem.

I have tried four methods.
First,
I just created /etc/certs directory, without ca.pem in it.
The result is:
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:2006D080:BIO routines:BIO_new_file:no such
file
OpenSSL: pending error: error:0B084002:x509 certificate
routines:X509_load_cert_crl_file:system lib
OpenSSL: tls_load_ca_der - Failed load CA in DER format
error:02001002:system library:fopen:No such file or directory
OpenSSL: pending error: error:20074002:BIO routines:FILE_CTRL:system lib
OpenSSL: pending error: error:0B06F002:x509 certificate
routines:X509_load_cert_file:system lib
TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Second,
I created an empty file named ca.pem and placed it in /etc/certs/.
The result is:
OpenSSL: tls_connection_ca_cert - Failed to load root certificates
error:00000000:lib(0):func(0):reason(0)
OpenSSL: tls_load_ca_der - Failed load CA in DER format error:0D07207B:asn1
encoding routines:ASN1_get_object:header too long
OpenSSL: pending error: error:0B06F00D:x509 certificate
routines:X509_load_cert_file:ASN1 lib
TLS: Failed to set TLS connection parameters
EAP-TTLS: Failed to initialize SSL.

Third,
I copied the /usr/share/doc/perl-IO-Socket-SSL-1.01/certs/my-ca.pem to
/etc/certs/
and the result is:
TLS: Certificate verification failed, error 19 (self signed certificate in
certificate chain) depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Fourth,
I copied the RADIUS Server's certs/demoCA/cacert.pem, and placed it in my
host's /etc/certs
and the result is:
TLS: Certificate verification failed, error 10 (certificate has expired)
depth 1 for '/C=CA/ST=Province/L=Some
City/O=Organization/OU=localhost/CN=Client
certificate/emailAddress=client at example.com'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:certificate
expired
OpenSSL: tls_connection_handshake - SSL_connect error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
CTRL-EVENT-EAP-FAILURE EAP authentication failed


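A pre-flight check for the four failure modes reported in the message above, as an added example that is not part of the original thread or of wpa_supplicant. It assumes the `openssl` command-line tool is installed and that the RADIUS server's certificate, if supplied, is in PEM format; the helper name `check_ca` and its verdict words are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the file that
# wpa_supplicant's ca_cert= setting will point at, before connecting.
# Usage: check_ca CA_FILE [SERVER_CERT_PEM] [MIN_VALID_SECONDS]
# Prints one verdict word; returns 0 only for "ok".
check_ca() {
    ca=$1; server=${2:-}; min_valid=${3:-0}

    # Attempt 1 in the post: path does not exist (fopen: No such file).
    [ -f "$ca" ] || { echo missing; return 1; }
    # Attempt 2: empty file, nothing for the PEM or DER loader to parse.
    [ -s "$ca" ] || { echo empty; return 1; }

    # The log shows a root-certificate load followed by a DER fallback;
    # accept either encoding here.
    if openssl x509 -in "$ca" -inform PEM -noout >/dev/null 2>&1; then form=PEM
    elif openssl x509 -in "$ca" -inform DER -noout >/dev/null 2>&1; then form=DER
    else echo unparseable; return 1
    fi

    # Attempt 4: verify error 10 (certificate has expired). -checkend exits
    # non-zero if the certificate expires within min_valid seconds (0 = now).
    openssl x509 -in "$ca" -inform "$form" -noout -checkend "$min_valid" \
        >/dev/null 2>&1 || { echo expired; return 1; }

    # Attempt 3: verify error 19. A CA that did not issue the RADIUS server's
    # certificate cannot anchor its chain, however valid it is on its own.
    if [ -n "$server" ]; then
        pem=$(mktemp) || return 2
        openssl x509 -in "$ca" -inform "$form" -out "$pem" 2>/dev/null
        # -no-CApath (OpenSSL 1.1.0+) keeps the system trust directory out
        # of the decision, so only the candidate CA file is tested.
        if openssl verify -no-CApath -CAfile "$pem" "$server" >/dev/null 2>&1
        then rc=0; else rc=1; fi
        rm -f "$pem"
        [ "$rc" -eq 0 ] || { echo wrong-ca; return 1; }
    fi
    echo ok
}
```

Called as `check_ca /etc/certs/ca.pem server.pem`, it reports `wrong-ca` for a CA that cannot anchor the server's chain, which is the situation behind the "unknown CA" alert in the third attempt.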