I'm stumped by this problem, I have some RB connecting as wireless clients to a RB AP running in EAP mode, against a RADIUS server. I am using signed certificates for a valid domain, so no self-generated ones. No matter what I try, RADIUS ends up throwing up this:
Other devices such as mobile phones work fine. If I disable certificate verification in the RB client's security profile, it also connects OK. I suspect the RB doesn't like the CA signing the certificate, so my main question is, what SSL certificate from which CA do I need to get that will pass Mikrotik's verification?
Code: Select all
Reply-Message = "EAP TTLS Handshake unsuccessful: 16031: 1 - error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<10>"
I cannot install certificates in the clients, so that's a no-no.