Quick question RE: FreeRADIUS Trusted Root CA List

[Cerney, Lawrence]

Thanks Sebastian,

Moving all the Trusted CA's into one file, as you suggested, fixed my
problem.

I still only use one server-cert. I have been testing with different
sized user-certs signed by CA's of various sizes.  That's the reason for
the 8 different CA's.  It would be the same if I wanted to authenticate
user-certs signed by different commercial certificate vendors.

Again thanks

Larry

To trust more than one CA, you simply have to copy all the
root-certificates into one file:

for example:
CA_file = /etc/1x/trustedcas.pem

I tested this with 3 CAs, and it works.

Do you really need 8 different server-certificates? So, how should the
server decide which certificate he must send the client?

Sebastian

-- 
Psssst! Schon vom neuen GMX MultiMessenger geh?rt?
Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger


-


This message (including any attachments) contains confidential 
and/or proprietary information intended only for the addressee.  
Any unauthorized disclosure, copying, distribution or reliance on 
the contents of this information is strictly prohibited and may 
constitute a violation of law.  If you are not the intended 
recipient, please notify the sender immediately by responding to 
this e-mail, and delete the message from your system.  If you 
have any questions about this e-mail please notify the sender 
immediately.