Kris Armstrong wrote:
I am trying to configure free radius with multiple ROOT CA's. This is not a products environment it is purely a test environment. We need the ability to test out products against freeradius and other radius servers. using multiple different certificate sizes and ROOT CA's.
That should work, but it all depends on OpenSSL.
I currently have the following in my EAP.conf file. Based on the way I read the eap.conf file this would be the correct way of doing it. Here is what happens. I can authenticate against the first ROOT CA
Uh... your configuration is wrong.
no matter which one it is as long as its the first in the list. its like all other CA's are ignored.
They are ignored. The documentation does *not* say you can have multiple "CA_file" entries. Instead, put all of the CAs into one file. Or, put the certs into their own files, delete the CA_file entry, and configure CA_path.
I had read on another forum that in order to support multiple ROOT CAs you just put them all in the same file. I tried this as well with just the certs as well as with the certs and the private keys neither seemed to work.
I don't understand what that means. You put *what* into one file? Just the certs? Or the certs and private keys? If so, why? Alan DeKok.