CA Chain

Jeffrey Sewell jeffrey.sewell at gmail.com
Sun Jan 21 19:30:11 CET 2007


In the eap.conf, tls section, the comments say to use the 'CA_path'
variable in the radiusd.conf file to indicate where the trusted CA
chain will reside. However, this variable isn't in the tls section of
the radiusd.conf file (it is in the LDAP section, but I'm pretty sure that
won't help me) or the eap.conf file (where I thought it might
have moved). As an experiment, I added it to eap.conf and it loaded ok
with the following output:

tls: CA_path = "/usr/local/etc/raddb/certs/rootCA"
...
tls: CA_file = "(null)"

Unfortunately the CA_file is the important one as I discovered when I
tested the link:

Fri Jan 19 09:51:05 2007 : Error: TLS Alert write:fatal:unknown CA

So where is the appropriate place for the root chain?

JS


