EAP-TLS CRL checking when multiple CAs used

Martin Čmelík martin.cmelik at gmail.com
Tue Nov 15 09:23:23 CET 2011


Hi all,

problem has been on my side. I miss to add another one CRL into certs directory.

Thank you for all your help!

Best regards,

—
Martin Čmelík



2011/11/14 Martin Čmelík <martin.cmelik at gmail.com>:
> Hi Alan,
>
> I did, there is nothing about it.
>
> Only this:
>
> #  Check the Certificate Revocation List
> #
> #  1) Copy CA certificates and CRLs to same directory.
> #  2) Execute 'c_rehash <CA certs&CRLs Directory>'.
> #    'c_rehash' is OpenSSL's command.
> #  3) uncomment the line below.
> #  5) Restart radiusd
> #       check_crl = yes
>
> We have all CAs in ca.pem and CRL lists in separate file
> crl1.pem+.der, crl2.pem+.der, ect...
>
> Stefan,
>
> that's what I did.
> OK I will try to do same thing with previous configuration. Maybe that
> I miss something.
>
> Thank you
>
>
>> Martin Čmelík
>
>
>
>
> 2011/11/14 Alan DeKok <aland at deployingradius.com>:
>> Martin Čmelík wrote:
>>> Question is: When Freeradius receive user certificate how daemon find
>>> correct CRL list in certs directory?
>>
>>  Read raddb/eap.conf.  This is documented.
>>
>>  Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>




More information about the Freeradius-Users mailing list