On Jan 18, 2018, at 1:45 PM, Gladewitz, Robert via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
i try to use tls with two ca. One ca have a CA chain and i concat all in one pem file. Then the following error can be found on authentication:
That's the client giving up on the server. It's not an error on the server.
If I use both certiface in a own file, it will work fine for the configuring certificate.
Then that's the thing to do.
Is thre same rules about ordering.
OpenSSL reads the certificate file in order.
Or are certificate with different SHA hashes not compatible?
Since it works when they're in different files, they are compatible. In the end.. upgrade to v3. It has a large number of things fixed. And, has some work-arounds for OpenSSL issues with auto-chaining of certificates. Alan DeKok.