Skip to Content.

geteduroam - Question regarding setting up Letswifi CA and EAP-TLS setting at FR3

Subject: An open discussion list for topics related to the geteduroam service

List archive


Question regarding setting up Letswifi CA and EAP-TLS setting at FR3


Chronological Thread 
  • From: Muhammad Farhan SJAUGI <farhan AT sifulan.my>
  • To: geteduroam AT lists.geant.org
  • Subject: Question regarding setting up Letswifi CA and EAP-TLS setting at FR3
  • Date: Sun, 21 Nov 2021 17:11:41 +0800

Hi,

We are setting up a letswifi ca portal for our federation members. So far everything went well as we are able to register a new realm and get the profile (however we need to add ?realm=<realm name> manually to download the profile).

However, when we tested the account, we got the following error message at the Freeradius 3 (FR3) despite we had added the realm's letwifi ca cert in the ca trusted list:

(33) eap_tls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A
(33) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
(33) eap_tls: ERROR: System call (I/O) error (-1)
(33) eap_tls: ERROR: TLS receive handshake failed during operation
(33) eap_tls: ERROR: [eaptls process] = fail
(33) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed

My questions are:

1. Is there any way to let the user download the profile without having to manually add ?realm=<realm name> in the url browser?
2. Any idea what the problem is with our FR3 EAP-TLS configuration? FYI, our FR3 uses letsencrypt cert.

Regards

--
Ts. Muhammad Farhan SJAUGI, S.Kom. M.Sc.
SIFULAN Malaysian Access Federation
Email: farhan AT sifulan.my
Homepage: https://sifulan.my
  



Archive powered by MHonArc 2.6.19.

Top of Page