Freeradius-1.1.1 with CRL configuration
Hi All, I want to configure the CRL in freeradius-1.1.1 version. Followed the procedures given in the config file, but the result is not as expected. The configuration in eap.conf are, 1) Copy CA certificates and CRLs to same directory. I appended the crl into CA file 2) Execute 'c_rehash <CA certs&CRLs Directory>'. Is it necessary? But i did this too 3) Add 'CA_path=<CA certs&CRLs directory>' 4) enable the crl check check_crl = yes 5) Restart radiusd CRL says that the client certificate is revoked. But, the user is still able to get authenticated by the radius server. Please let me know if i am missing any configuration. Thanks for your kind help in advance.
Hi, In an somewhat related issue I found that c_rehash indeed only generates the hash-named symlink to the first certificate/crl in a pem file containing more than one of them. So, yes, you need to do what you did, but it is not sufficient. You could split the certificates, crls etc in different files and rehash again or alternatively provide the necessary symlinks yourself, by script or whatever suits you. But this is not a freeradius an esp. no -devel problem, please check openssl docs. regards K. Hoercher
participants (2)
-
K. Hoercher -
sumi thra