Hi,
Question is: When Freeradius receive user certificate how daemon find correct CRL list in certs directory?
The CRL needs to be in the same directory as the CAs, and needs to be hashed with c_rehash just like the CA certs. CRLs automatically get the hash suffix ".r0" instead of ".0". You will still need to restart FreeRADIUS after downloading a new CRL; re-reading them at runtime is not possible due to glorious openSSL. Stefan
Thank you
— Martin Čmelík
2011/11/14 Alan DeKok <aland@deployingradius.com>:
Martin Čmelík wrote:
nobody knows how setup freeradius to check new CRL lists? FreeRADIUS uses OpenSSL for CRLs (and everything SSL). OpenSSL does not support dynamically adding CRLs at run time.
See the "ocsp" support in 2.1.12.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html