Reveal MAP escribió:
HOW TO FIX THE PROBLEM OF THE ISSUER of clients certificates in default configuration?
- this bug is suspected to make i can't do EAP-PEAP and affect the CRL management too. it's a real problem
----- Message d'origine ---- De : Alan DeKok <aland@deployingradius.com> À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s Objet : Re: cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Sergio wrote:
But the debug I posted shows that radius doesn't recognize the issuer of client cert using default certs. If default certs works and I don't need to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting alan?
You need to follow the documentation in eap.conf.
# If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. certificate_file = ${certdir}/server.pem
Have you done that?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
------------------------------------------------------------------------ Envoyé avec Yahoo! Mail <http://us.rd.yahoo.com/mailuk/taglines/isp/control/*http://us.rd.yahoo.com/evt=52423/*http://fr.docs.yahoo.com/mail/overview/index.html>. Une boite mail plus intelligente.
But I think this problem do not affect peap because peap do not use client certs, you only need to install ca.der into client machine and put the passwords