Le mercredi 6 novembre 2013 21:59:26 Alan Buxey a écrit :
Concatenate your root and intermediates and use those. Beware of using a cert dir and the CA path as if done incorrectly then someone could authenticate just by having a cert signed with the same root CA as your RADIUS server
alan
Thank you for your answer, but it doesn't work. I don't see where you can declarate this certificate. There is field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable. My question is: is it a way to deal with a chain other than load the full chain in the client ? -- Thierry CHICH Responsable réseaux académiques Equipe Réseaux/Pôle National de Compétence en Réseaux Rectorat de Clermont-Ferrand - Centre Informatique Académique Tel: 04.73.99.30.54