pon., 31 lip 2023, 16:34 użytkownik Alan DeKok <aland@deployingradius.com> napisał:
On Jul 31, 2023, at 2:30 AM, Maciej Kowalka <maciejkowalkati@gmail.com> wrote:
Hi, I've got configures freeradius 3.2 with eap tls, and working certificates, users can be authorized to network but I get warnings every time :
If it works...
don't touch it....
Certificate chain - 1 cert(s) untrusted
(TLS) untrusted certificate with depth [1] subject name /C=PL/ST=MyState/O=MyOrg/CN=Intermediate CA
(TLS) untrusted certificate with depth [0] subject name /C=PL/ST=MyState/O=MyOrg/CN=client
Is there solution to this or so I have to ignore it, and live with it?
Configure the server so that it knows about the certificates. That way they will be trusted.
See mods-available/eap. Look for "reject_unknown_intermediate_ca"
Alan DeKok.
I tried but probably didn't do it right, can you point to how exactly to do it? The things I tried: - adding intermediate-ca.pem to certificate folder - concatenate Intermediate-ca.pem and ca.pem together - adding Intermediate-ca.pem to server.pem certificate - changing the config ca_file to point to the Intermediate-ca.pem None of these things worked, so I would appreciate writing what I need to configure. Preferably with an example :) Maciej