On Tue, Apr 05, 2016 at 05:03:34PM +0200, Wouter wrote:
Ok, thanks, I understand. I added OCSP checking with ocsp { enable = yes override_cert_url = no url = "http://ocsp.startssl.com/sub/class1/client/ca" } but it didn't work, exited with the error " Error: OCSP response has wrong nonce value " . The site https://blog.pki.dfn.de/tag/freeradius/ helped me make it work with the hint to add "use_nonce = no".
Which is documented right next to the other OCSP options you set :) https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-avail... Note the security warning in that text. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>