EAP-TLS with server and client certificates by different CA

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Aug 5 09:54:53 CEST 2015


Hi,

>             CA_file = ${cadir}/eltex-ca.crt \
> ${certdir}/COMODORSADomainValidationSecureServerCA.crt \
>                 ${certdir}/COMODORSAAddTrustCA.crt \
>                 ${certdir}/AddTrustExternalCARoot.crt

Errr? No. CA_file is just a file. Put one entry there. Perhaps you can use a file with all of these concatenated,
but the usual way is:

1) Have all your certs in the certdir.

2) For the certificate_file entry, e.g. PEAP, have the server cert, its intermediates and the root in there.

3) For CA_file, used for EAP-TLS, put your private CA in there.

Finally, think about not using a public root for your PEAP anyway.


alan
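
The mistake discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a small lint that joins backslash-continued lines in a `tls` block and flags a `CA_file` or `certificate_file` value naming more than one path, plus a helper that counts the PEM certificates in a chain file. The `certificate_file` name `server-chain.pem` and the function names are assumptions; the sample configuration is constructed from the quoted lines.

```python
import re

# Constructed sample: the quoted setting from the post, plus a hypothetical
# certificate_file line (the file name server-chain.pem is an assumption).
SAMPLE_CONF = r"""
tls {
    certificate_file = ${certdir}/server-chain.pem
    CA_file = ${cadir}/eltex-ca.crt \
        ${certdir}/COMODORSADomainValidationSecureServerCA.crt \
        ${certdir}/COMODORSAAddTrustCA.crt \
        ${certdir}/AddTrustExternalCARoot.crt
}
"""

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def read_settings(conf_text):
    """Return {name: value}, joining lines that end in a backslash."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", conf_text)
    settings = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"([A-Za-z_][\w-]*)\s*=\s*(.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def lint_tls(conf_text):
    """Flag a CA_file or certificate_file value that names several paths."""
    problems = []
    for key, value in read_settings(conf_text).items():
        paths = value.split()
        if key.lower() in ("ca_file", "certificate_file") and len(paths) > 1:
            problems.append(f"{key} names {len(paths)} paths; it takes one "
                            "file (put the PEMs in a single file instead)")
    return problems


def count_certs(pem_text):
    """Number of PEM certificate blocks in a bundle, e.g. a chain file."""
    return len(PEM_CERT.findall(pem_text))


if __name__ == "__main__":
    for problem in lint_tls(SAMPLE_CONF):
        print(problem)
```

`count_certs` can be run over the contents of the file named by `certificate_file` to confirm it holds the server certificate together with its intermediates and root, as step 2 describes.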

