HOW TO FIX THE PROBLEM OF THE ISSUER of clients certificates in default configuration? - this bug is suspected to make i can't do EAP-PEAP and affect the CRL management too. it's a real problem ----- Message d'origine ---- De : Alan DeKok <aland@deployingradius.com> À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s Objet : Re: cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls) Sergio wrote:
But the debug I posted shows that radius doesn't recognize the issuer of client cert using default certs. If default certs works and I don't need to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting alan?
You need to follow the documentation in eap.conf. # If CA_file (below) is not used, then the # certificate_file below MUST include not # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. certificate_file = ${certdir}/server.pem Have you done that? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____________________________________________________________________________ Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr