On 03/12/2020 21:01, Igor Sousa wrote:
I created a bundle with intermediate and root certificates, in this order an. I configured the /etc/freeradius/mods-enabled/eap as below: private_key_file = <path for server private key that I created> certificate_file = <new path for server.pem received from GlobalSign> ca_file = <path to ca.bundle obtained by cat intermediate.pem >> ca.bundle and cat root.pem >> ca.bundle>
That's not right, unless you are using EAP-TLS and want anyone with a certificate generated by GlobalSign to be able to authenticate. private_key_file should be a .pem file with the private key. certificate_file should be a .pem file containing the server certificate and the intermediate certificate, in that order. Don't set ca_file at all. Don't put the GlobalSign root CA in any of the files. The clients have that already to check that the server cert is genuine. -- Matthew