Freeradius v3.0.19 prioritize OCSP in checking client certificate rather than crl.

Dennis Diamsay dennis.diamsay at gmail.com
Wed Sep 4 05:11:21 CEST 2019


Hi Community,

Using Freeradius to authenticate client certificate using EAP, I noticed that CRL checking is prioritized than OCSP.

If check_crl is disable in the eap configuration, that is the only time the OCSP checking will take place.

Can someone help me on how to configure freeradius to prioritize OCSP in checking client certificate?

Thank you in advance.

My test case are:

1. Client certificate verification using OCSP

2. If OCSP is OFFLINE, client certificate verification using CRL.

3. if OCSP goes back ONLINE, client certificate verification using OCSP.


Dennis Diamsay
dennis.diamsay at gmail.com






More information about the Freeradius-Users mailing list