An open discussion list for topics related to the geteduroam service

[Muhammad Farhan SJAUGI <farhan AT sifulan.my>]

Hi,

We are setting up a letswifi ca portal for our federation members. So far everything went well as we are able to register a new realm and get the profile (however we need to add ?realm=<realm name> manually to download the profile).

However, when we tested the account, we got the following error message at the Freeradius 3 (FR3) despite we had added the realm's letwifi ca cert in the ca trusted list:

(33) eap_tls: ERROR: TLS_accept: Failed in SSLv3 read client certificate A
(33) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read): error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
(33) eap_tls: ERROR: System call (I/O) error (-1)
(33) eap_tls: ERROR: TLS receive handshake failed during operation
(33) eap_tls: ERROR: [eaptls process] = fail
(33) eap: ERROR: Failed continuing EAP TLS (13) session.  EAP sub-module failed

My questions are:

1. Is there any way to let the user download the profile without having to manually add ?realm=<realm name> in the url browser?

2. Any idea what the problem is with our FR3 EAP-TLS configuration? FYI, our FR3 uses letsencrypt cert.

Regards

--
Ts. Muhammad Farhan SJAUGI, S.Kom. M.Sc.

SIFULAN Malaysian Access Federation
Email: farhan AT sifulan.my
Homepage: https://sifulan.my