13 Aug
2018
13 Aug
'18
1:29 p.m.
We've been running PEAP + MS-CHAPv2 for many many years. Beginning to experiment with EAP-TLS, and have two questions ... - My certificates are generated by an intermediate CA. It appears I need to put both the root and intermediate CA into the CA_file (ca.pem)? I was expecting to put the root CA somewhere else, to indicate that it is only used to trust the intermediate. - It seems that FreeRADIUS won't start if I comment out the certificate_file and private_key_file. My understanding is that these are only used for MS-CHAPv2, and are irrelevant in an EAP-TLS environment. Correct me if I'm wrong here. Should I just leave these as self-signed dummy certificates? Thanks, Norman