I have an authentication server based on certificate. The previous roll of certificate (1 CA + 1 Server + 1 Client) worked perfectly. A few days ago the client certificate expired and I had to generate a new one. I encountered the following problem so I generated once again all of the certificates (CA, Server and Client) but the problem still remain.
The server hold the CA + Server + Client certificates. The Client hold the CA + Client certificates.
Here is the error I the client get when trying to authenticate (using wpasupplicant) :
root@HP:/etc/wpa_supplicant# wpa_supplicant -c certs.conf -D wired -i enp63s0
Successfully initialized wpa_supplicant
enp63s0: Associated with 01:80:c2:00:00:03
enp63s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
enp6350: CTRL-EVENT-EAP-STARTED EAP authentication started
enp63s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
enp6350: CTRL-EVENT-EAP-METHOD EAP vendor e method 13 (TLS) selected
enp63s0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example Inc. /[email protected]/CN=Example certificate Authority' hash=71d392c4f64b1dd18d378c57fea2f2673a26ad4a93974f70e5c1a44709f89ab3
enp6350: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/0=Example Inc./CN=Example Server Certificate/[email protected]' hash=c6c4425f12a6540ca9327769d50e95de32df60aac46c0dcd
54291db880192a5
> SSL: SSL3 alert: write (local SSL3 detected an error): fatal:decrypt error
> OpenSSL: openssl_handshake - SSL_connect error:0407E068:rsa routines:RSA_verify_PKCS1_PSS_mgf1:bad signature
> OpenSSL: pending error: error:1416D07B:SSL routines:tls_process_key_exchange: bad signature
enp6350: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Cenp6350: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
enp6350: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=AUTH_FAILED
enp63s0: CTRL-EVENT-TERMINATING
root@HP:/etc/wpa_supplicant#
The error lines are at the ">
".
I tested the fingerprint of the certificates stored on the client and they are the same as the one on the server.
Do you know where the problem come from ?
Edit : Can you explain to me what a bad signature mean ? I wasn't able to find it
0 Answers