How to activate the certificate revocation list I created
Hello, I have been searching for documentation on activating a certificate revocation list I just created with openssl. It is a crl.pem signed by my ca cert. I just need freeradius to reference it so that the one certificate I revoked gets denied on authentication. Here is what I have so far in my eap.conf (I am running freeradius 2.1.3 on REHL) crl_file = ${raddbdir}/certs/makecertificates/issued/crl.pem check_crl = yes CA_path = ${raddbdir}/certs/makecertificates/issued/ Are these lines correct? Are any lines I have up there unnecessary? Also, do I need to have my CA certificate in the same directory as the crl.pem file? It seems to hint towards that in the eap.conf file. Thanks for any help
Just wondering if anyone out there is able to provide any feedback on this? Sorry to bother. I just cant find any consistent documentation or examples out there. I have the crl created, just need to know how to implement the crl.pem correctly. Thanks!
Hello, I have been searching for documentation on activating a certificate revocation list I just created with openssl. It is a crl.pem signed by my ca cert. I just need freeradius to reference it so that the one certificate I revoked gets denied on authentication.
Here is what I have so far in my eap.conf (I am running freeradius 2.1.3 on REHL)
crl_file = ${raddbdir}/certs/makecertificates/issued/crl.pem check_crl = yes CA_path = ${raddbdir}/certs/makecertificates/issued/
Are these lines correct? Are any lines I have up there unnecessary? Also, do I need to have my CA certificate in the same directory as the crl.pem file? It seems to hint towards that in the eap.conf file.
Thanks for any help
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Josh Hiner wrote:
Just wondering if anyone out there is able to provide any feedback on this? Sorry to bother. I just cant find any consistent documentation or examples out there. I have the crl created, just need to know how to implement the crl.pem correctly.
It's really an OpenSSL question. The FreeRADIUS portion is documented in eap.conf. Look for "crl". There's really nothing to add to it. Alan DeKok.
participants (2)
-
Alan DeKok -
Josh Hiner