EAP-TLS vs X.509 certificate chains

John Dennis jdennis at redhat.com
Fri Jun 4 13:50:41 CEST 2010


On 06/04/2010 05:42 AM, Paolo Barbato wrote:
> Looking at the mailing list it's seems not possibile configure
> freeradius to use a CA chains certificate, instead of a single CA
> root.

Why do you believe that?

Use the certificate_file config item in eap.conf.

The certificates must be in PEM format and must be sorted starting with
the subject’s certificate (actual client or server certificate),
followed by intermediate CA certificates if applicable, and ending at
the highest level (root) CA.

-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list