Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

Subject: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

From: Reveal MAP <revealmapp@yahoo.fr>

Date: Fri, 25 Jul 2008 10:05:14 +0000 (GMT)

Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>

HOW TO FIX THE PROBLEM OF THE ISSUER of clients certificates in default configuration?

- this bug is suspected to make i can't do EAP-PEAP and affect the CRL management too. it's a real problem

----- Message d'origine ----
De : Alan DeKok <aland@deployingradius.com>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s
Objet : Re: cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Sergio wrote:
> But the debug I posted shows that radius doesn't recognize the issuer of
> client cert using default certs. If default certs works and I don't need
> to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting
> alan?

You need to follow the documentation in eap.conf.

            # If CA_file (below) is not used, then the
            # certificate_file below MUST include not
            # only the server certificate, but ALSO all
            # of the CA certificates used to sign the
            # server certificate.
            certificate_file = ${certdir}/server.pem

Have you done that?

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Yahoo! Mail

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.