Yup but as it says # Warning: this may enable clients with revoked # certificates to connect if the OCSP responder is not # available. Use with caution. # Think I'd rather have ability to try another OCSP server at this point. On 1 April 2016 at 12:02, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Fri, Apr 01, 2016 at 10:01:01AM +0000, A.L.M.Buxey@lboro.ac.uk wrote:
Did have a load balancer (F5) was all working and then some thing changed and all the FR severs forwarding OCSP requests ( like from Networkshop in Manchester :/)) ) stopped working. Our systems people fixed it ... But it was working. Just glad we didn't have shedloads of people using EAP-TLS :-))
you could fail open as a safety guard?
That's why we've got the softfail option :)
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-avail...
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html