EAP-TLS vs X.509 certificate chains
Looking at the mailing list it's seems not possibile configure freeradius to use a CA chains certificate, instead of a single CA root. Since also Comodo distribute server certificate in that way I wonder if this could be managed in future release of freeradius. Comodo has been choosen by Terena TCS service that is used by almost all educational organization in Europe .. and many of them, like mine, use also FreeRadius. Regards, Paolo. ------------------------------------------------------------------------------------------------ Paolo Barbato Consorzio RFX corso Stati Uniti,4 35127 Padova - Italy Network Administrator phone: +39 049 8295097 fax: +39 049 8700718 ------------------------------------------------------------------------------------------------
On 06/04/2010 05:42 AM, Paolo Barbato wrote:
Looking at the mailing list it's seems not possibile configure freeradius to use a CA chains certificate, instead of a single CA root.
Why do you believe that? Use the certificate_file config item in eap.conf. The certificates must be in PEM format and must be sorted starting with the subject’s certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
participants (2)
-
John Dennis -
Paolo Barbato