chain certificate problem

Thierry Chich thierry.chich at ac-clermont.fr
Thu Nov 7 09:43:16 CET 2013



Le mercredi 6 novembre 2013 21:59:26 Alan Buxey a écrit :
> Concatenate your root and intermediates and use those.  Beware of using a cert dir and the CA path as if done incorrectly then someone could authenticate just by having a cert signed with the same root CA as your RADIUS server
> 
> alan
> 

Thank you for your answer, but it doesn't work. I don't see where you can declarate this certificate. 
There is field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable. 

My question is: is it a way to deal with a chain other than load the full chain in the client ?

-- 
Thierry CHICH
Responsable réseaux académiques
Equipe Réseaux/Pôle National de Compétence  en Réseaux
Rectorat de Clermont-Ferrand - Centre Informatique Académique
Tel: 04.73.99.30.54



More information about the Freeradius-Users mailing list