20 Feb
2009
20 Feb
'09
5:13 a.m.
So there is no way at all to get the client to pick up the cert chain without directly installing the intermediate cert on it?
No.
Is this actually a client issue of it refusing to use chains for this then, rather than a FreeRADIUS issue of it not passing the chain?
Yes.
Thanks very much for all your help. This only came up because Verisign have stopped issuing directly root-signed certs, as have the other major cert authorities, it would seem. Our previous cert was directly root signed, and thus worked fine. I (possibly foolishly) assumed that if all the major CAs were shifting to chained certs for everything that the majority of clients using ssl supported them as well.
Have a look at RapidSSL/Geo Trust. Ivan Kalik Kalik Informatika ISP