Sending CA certificate during EAP-TLS

Reimer Karlsen-Masur, DFN-CERT karlsen-masur at dfn-cert.de
Wed Jun 20 13:23:32 CEST 2007


Hi,

in the file referenced by the option variable "certificate_file" in the tls 
section only put the server certificate (and optionally the private key) of 
your RADIUS server.

i.e. don't put ca certificates of the chain into that file.

I don't know how to prevent the client from sending CA path certificates....

Rafa Marin wrote:
> Hi all,
> 
> Is there any way to configure free radius + eap-tls module to avoid to 
> send CA certificate during EAP-TLS negotiation? As Free Radius is 
> sending it right now EAP-TLS packets get fragmented and I would like to 
> avoid it.

-- 
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5853 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/6dc9a02d/attachment.bin>


More information about the Freeradius-Users mailing list