Axel Luttgens wrote:
It "works", in the sense that a client connecting thru TTLS receives both certificates, which is exactly what I want. :-)
OK.
Now, it is true that I currently don't implement TLS.
What does that mean? EAP-TLS is enabled in v3 by adding a "tls {...}" block to mods-available/eap. Then, creating client certificates and adding them to the clients.
Putting above comments together, it seems that I could thus comment out the "ca_file = ..." line, and merge both certificates, my_server_cert.pem and my_root_ca_cert.pem, into a single file, say "my_combined_certs". And then define: certificate_file = /path/to/my_combined_certs
To do what?
What format(s) is (are) allowed by FR for that file "my_combined_certs"?
Whatever formats are allowed by OpenSSL. FreeRADIUS doesn't implement SSL itself.
Would a simple cat of the two certificates (currently in PEM format) be sufficient?
How about trying it? Alan DeKok.