On 10/25/2011 11:07 AM, Kris Armstrong wrote:
I am trying to configure free radius with multiple ROOT CA's. This is not a products environment it is purely a test environment. We need the ability to test out products against freeradius and other radius servers. using multiple different certificate sizes and ROOT CA's.
I currently have the following in my EAP.conf file. Based on the way I read the eap.conf file this would be the correct way of doing it. Here is what happens. I can authenticate against the first ROOT CA no matter which one it is as long as its the first in the list. its like all other CA's are ignored. In the below as you can see I have commented out the first few ROOT CAs and the 1024ca.pem is the current first in the list. I am able to authenticate against this one but none past. if I comment out 1024 then I can authenticate against the next. Any help would be greatly appreciated.
I had read on another forum that in order to support multiple ROOT CAs you just put them all in the same file. I tried this as well with just the certs as well as with the certs and the private keys neither seemed to work. I believe that was on a Radius 1.x server though so maybe
I've reread this email several times and don't understand it, from a SSL/TLS perspective it doesn't make a lot of sense. Perhaps if you explained what you're trying to accomplish (in detail) or what you're expecting to happen it would help. I also think it might benefit you if you brushed on the role of a server cert, a server private key, and CA validation. Then go back and read the comments in eap.conf, I think you'll find your answer without having to come back to the list for help. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/