How to fix pfSense FreeRADIUS Login incorrect (eap_peap: TLS Alert read:fatal:access denied)

Problem:

When trying to login using WPA-EAP or 802.1X using the RADIUS protocol for authentication, you see an error message like

(235) Login incorrect (eap_peap: TLS Alert read:fatal:access denied): [uli/<via Auth-Type = eap>] (from client APs port 0 cli 98-55-2B-A9-76-B9)

Solution:

The issue in my case was that the CA certificate was not valid any more. Go to

Services => FreeRADIUS => EAP

and scroll down to Certificates for TLS

You need to choose correct, valid certificates for both theĀ SSL CA Certificate and theĀ SSL Server Certificate. The CA must be the CA that issued the server certificate. It is recommended to use self-signed certificates for RADIUS EAP.