On Jan 23, 2024, at 10:30 AM, SENECAUX Ludovic <Ludovic.SENECAUX@lenord.fr> wrote:
It is the same virtual machine.
OK.
I reinstalled FR 3.0.20, and I saw the "reject_unknown_intermediate_ca" parameter does not exist in this version. If I add this to eap configuration, it is not loaded during server starts.
Yes it doesn't exist in 3.0.
So, is the value 'yes' implicit in this branch ?
No. The default value is "no". You can check this by running the server in debug mode, and looking for that configuration. My suggestion is to add the root and intermediate CAs to the "certificate_file", along with the server cert. This configuration tells the server (and OpenSSL) that this particular root CA and this particular intermediate CA are trusted. Alan DeKok.