Version Affected: RADIUS 20.12.07
Description:
After upgrading to 20.12.07, Radius logins fail.
The SaRadiusServer log contains the error
"Unable to find valid certification path to requested target"
Cause:
This version verifies the validity of the binding cert of the IdP it talks to. If it does not trust the Root CA that issued the binding cert, it will throw this error.
Resolution:
1. Open up the Realm in a Browser and find what the Trusted Root cert is
2. Open up certlm.msc and find the same cert in the Trusted Root Certificate Authorities store
3. Right click and select All Tasks | Export.
4. Export that cert in DER format (it'll have a .cer extension)
5. Copy that to <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\serverJre\jre
6. Open an admin command prompt in <RADIUS_installation_directory>\SecureAuth IdP RADIUS Agent\bin\serverJre\jre
7. Run
.\bin\keytool.exe -import -trustcacerts -alias <alias> -file <certificate.cer> -keystore .\lib\security\cacerts
8. It will ask for a password. By default, this is
changeit
9. It will ask if you wish to Trust the cert. Type yes and hit enter to complete the install
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.