CA Dir
- To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
- Subject: CA Dir
- From: "Jeffrey Sewell" <jeffrey.sewell@gmail.com>
- Date: Fri, 19 Jan 2007 11:06:17 -0800
- Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
In the eap.conf, tls section, the comments say to use the 'CA_path'
variable in the radiusd.conf file to indicate where the trusted CA
chain will reside. However, this variable isn't in the tls section of
the radiusd.conf (it is in the LDAP section, but I'm pretty sure that
won't help me) file or the eap.conf file (where I thought it might
have moved). As an experiment, I added it to eap.conf and it loaded ok
with the following output:
tls: CA_path = "/usr/local/etc/raddb/certs/rootCA"
...
tls: CA_file = "(null)"
Unfortunately the CA_file is the important one, as I discovered when I
tested the link:
Fri Jan 19 09:51:05 2007 : Error: TLS Alert write:fatal:unknown CA
So where is the appropriate place for the root chain?
--Jeffrey