PEAP using different CA?
Mathieu Simon
mathieu.sim at gmail.com
Thu Jul 11 14:31:03 CEST 2013
Hi Fernando
2013/7/10 Fernando Hammerli <fhammerli at puc-rio.br>
> Got it now, as you said.
>
> Using the public CA certs on certificate_file (and related private key),
> and included the public CA
> chain on the CA_file (together with my own CA).
>
Yep mostly except that I put the private key not inside certificate_file
but seperately into
private_key_file (although the config says that you can put in the same
file.
>
> Still needs more testing (in more enviroments), but seems to be working.
>
Make sure to test with a variety of Devices/OS.
Windows (as it has shown to me and as the wiki says) is very picky while
Android I've seen simply ignore server certificate data and continue.
Make sure to not put a CA cert bundle from your CA + your cert inside
certificate_file but only those certs used in the chain of trust so you
don't
get over 64k (see
http://wiki.freeradius.org/guide/Certificate%20Compatibility)
-- Mathieu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130711/4df2168d/attachment.html>
More information about the Freeradius-Users
mailing list