<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi Mathieu, thanks for your reply.<br>
<br>
It´s not clear to me what exactly has to be done. <br>
<br>
So, I´ll place both server certificates inside the
certificate_file, correct? Do I declare it only under the 'tls'
section (not on the peap)? How does FR knows which certificate for
each method?<br>
How do I declare both private keys?<br>
<br>
Sorry for my stupid questions.<br>
<br>
Thanks,<br>
Fernando.<br>
<br>
Em 10/07/2013 10:44, Mathieu Simon escreveu:<br>
</div>
<blockquote
cite="mid:CANCJCZbXrnWa_pOwWa9=-b-Sih+kwEfgDpqG41qJ2ZJ+qVDuNQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hi<br>
<br>
</div>
As a possible hint since your question sounds similar to
an issue I had:<br>
<br>
I was looking to provide a server-side certificate to my
clients from a public CA<br>
</div>
but only allow clients to authenticate via EAP-TLS when
presenting a cert from our<br>
internal CA which avoids the misconfiguration to trust any
certificate issued by the public CA.<br>
</div>
<br>
Check the difference of CA_file (containing root CA cert of
your internal CA), but set server cert <br>
(including cert chain) inside certificate_file.<br>
<br>
</div>
</div>
(<a moz-do-not-send="true"
href="http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html">http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html</a>)<br>
<div><br>
</div>
<div>Regards,<br>
</div>
<div>Mathieu<br>
</div>
<div>
<div class="gmail_extra"><br>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</blockquote>
<br>
</body>
</html>