EAP-TLS CRL checking when multiple CAs used
stefan.winter at restena.lu
Mon Nov 14 10:37:48 CET 2011
> The question is: when FreeRADIUS receives a user certificate, how does the
> daemon find the correct CRL list in the certs directory?
The CRL needs to be in the same directory as the CAs, and needs to be
hashed with c_rehash just like the CA certs. CRLs automatically get the
hash suffix ".r0" instead of ".0".
You will still need to restart FreeRADIUS after downloading a new CRL;
re-reading them at runtime is not possible due to glorious OpenSSL.
> Thank you
> Martin Čmelík
> 2011/11/14 Alan DeKok <aland at deployingradius.com>:
>> Martin Čmelík wrote:
>>> Nobody knows how to set up FreeRADIUS to check new CRL lists?
>> FreeRADIUS uses OpenSSL for CRLs (and everything SSL). OpenSSL does
>> not support dynamically adding CRLs at run time.
>> See the "ocsp" support in 2.1.12.
>> Alan DeKok.
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
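
The lookup described in the reply above works by name: OpenSSL hashes the issuer of the certificate it is checking and opens `<hash>.rN` in the CA directory, so with several CAs each CRL is found through its own issuer hash. The following is an added example, not part of the original thread and not FreeRADIUS or OpenSSL tooling; it installs one CRL under the link name `c_rehash` would give it and refuses a CRL whose issuing CA is not in the directory. The function names `next_crl_name` and `install_crl` are hypothetical.

```shell
#!/bin/sh
# Added example: place a CRL in a hashed CA directory by hand, using the
# same "<issuer-hash>.rN" link name that c_rehash creates.

# Print the first unused "<hash>.rN" name in directory $1 for hash $2.
next_crl_name() {
    dir=$1 hash=$2 n=0
    while [ -e "$dir/$hash.r$n" ] || [ -L "$dir/$hash.r$n" ]; do
        n=$((n + 1))
    done
    printf '%s.r%s\n' "$hash" "$n"
}

# install_crl CA_DIR CRL_PEM   (CRL_PEM must live outside CA_DIR)
# Returns 0 on success, 1 if CRL_PEM is not a parseable PEM CRL,
# 2 if no hashed CA in CA_DIR matches the CRL's issuer.
install_crl() {
    dir=$1 crl=$2
    # Issuer-name hash of the CRL; equal to the subject hash of the issuing CA.
    hash=$(openssl crl -in "$crl" -noout -hash 2>/dev/null) || return 1
    [ -n "$hash" ] || return 1

    # The issuing CA must already be hashed as <hash>.N in the same directory.
    found=0
    for ca in "$dir/$hash".[0-9]*; do
        [ -e "$ca" ] && found=1
    done
    [ "$found" -eq 1 ] || return 2

    # Copy under a temporary name, then rename, so a reader never sees a
    # half-written CRL file.
    base=$(basename "$crl")
    cp "$crl" "$dir/$base.tmp" && mv "$dir/$base.tmp" "$dir/$base" || return 1

    # A refreshed CRL keeps its file name, so an existing link stays valid.
    for l in "$dir/$hash".r[0-9]*; do
        [ -L "$l" ] && [ "$(readlink "$l")" = "$base" ] && return 0
    done
    ln -s "$base" "$dir/$(next_crl_name "$dir" "$hash")"
}
```

As the thread states, the running server does not pick up the new file; FreeRADIUS still has to be restarted after the CRL is installed.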