8 Jun
2023
8 Jun
'23
5:54 a.m.
On Jun 8, 2023, at 11:41 AM, MH <h33927318@gmail.com> wrote:
FreeRadius debug log says that certificate is untrusted. I don't know what are conditions which result in this decision. As I wrote earlier, I did not find any other openat(), so I think there were no other CA checks in chain (b6296c9d.0 contains intermediate CA).
Each file in the ca_path must contain only one certificate. This is an OpenSSL limitation. The ca_path directory must contain all CA certificates used to create the client certificate. If you put multiple CAs into one file, then you must use the "ca_file" configuration for FreeRADIUS, not "ca_path". This is all documented. Alan DeKok.