Hola, maybe of the point but you can use openssl“s built in tools to check CA, server and client certificates.
openssl "s_client" or "s_server"
// J Cerney, Lawrence wrote:
I work in a test environment and need to test with certs created with different CA's. I haven't been able to get more than one CA at a time to work. I've got 8 CA's and I need to keep 7 commented out for the certs to authenticate.
The question is can FreeRADIUS support more than one CA at a time, and if so how?
FreeRADIUS 1.0.0-Pre3
tls { private_key_password = password private_key_file = /etc/1x/freeradius.pem #private_key_file = /etc/1x/server512.pem #private_key_file = /etc/1x/server1024.pem #private_key_file = /etc/1x/server1024v3.pem #private_key_file = /etc/1x/server1536.pem #private_key_file = /etc/1x/server2048.pem #private_key_file = /etc/1x/server4096.pem
# If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. certificate_file = /etc/1x/freeradius.pem #certificate_file = /etc/1x/server512.pem #certificate_file = /etc/1x/server1024.pem #certificate_file = /etc/1x/server1024v3.pem #certificate_file = /etc/1x/server1536.pem #certificate_file = /etc/1x/server2048.pem #certificate_file = /etc/1x/server4096.pem
# Trusted Root CA list CA_file = /etc/1x/FlukeNetWotter.pem #CA_file = /usr/local/etc/raddb/certs/PV_512_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_768_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_1024_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_1280_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_1536_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_1792_CA.pem #CA_file = /usr/local/etc/raddb/certs/PV_2048_CA.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random thanks...
Larry
This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/Quick-question-RE%3A-FreeRADIUS-Trusted-Root-CA-List-t... Sent from the FreeRadius - User mailing list archive at Nabble.com.