Re: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed


 



Thank you all for all the answers.
The problem is that Cisco prescribes the attributes.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/212214-Tech-Note-on-CAPF-Certificate-Signed-by.html

CAPF CSR:

        Attributes:
        Requested Extensions:
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, IPSec End System
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign

Unfortunately, the Cisco CUCM telephone systems do not seem to accept certificates without these attributes :-(.

If I understand everything correctly, would the only (and unclean) workaround be adding "TLS Web Client Authentication" to solve my problem?

Robert

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Salz, Rich via openssl-users
Sent: Monday, 22 January 2018 00:39
To: openssl-users@xxxxxxxxxxx
Subject: Re: TLS Error in FreeRadius - eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed

➢ The sensible thing at this point is to publish an update to RFC5280
    that accepts reality.
    
Yes, and there’s an IETF place to do that if anyone is interested; see the LAMPS working group.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
