On Jul 26, 2022, at 10:21 AM, Young Yoon <yyoon99@gmail.com> wrote:
Thanks. I was able to get the log as instructed (but message being held it's too long).
If you convert it to HTML, yes. Just post text.
I can confirm that there's no OpenSSL version change (1.1.1) in our product and the only change is the freeRadius 3.0.21 to 3.0.25.
Looks like the root CA (microsoft private CA) is not being trusted by default (as it was in 3.0.21)
No. FreeRADIUS doesn't come with any private CAs by default. No CAs are trusted by default. You have to configure the CAs in the raddb/certs directory.
if using the intermediate certificate for TLS auth. The simple workaround is just install the root CA as ca trust store in freeRadius, but just curious if this behavior is going forward in the future or not.
You've always had to configure the root CA in FreeRADIUS. Alan DeKok.