Multiple SSL CA Files

Alan DeKok aland at
Thu Feb 15 03:00:59 CET 2007

Michael Courtney wrote:
> I would like to have two SSL certs on the Radius box: one, for the 
> internal connections to our servers, and two, an SSL cert that one can 
> verify as a trusted Root Authority for the TTLS connections.
> This is causing an issue right now on the server.

  No, many people are doing what you want to do.  It isn't a problem.

> Here's the output in the logs:
> Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc:  denied  { 
> read } for  pid=10837 comm="radiusd" 
> name="" dev=dm-0 ino=1310741 
> scontext=root:system_r:radiusd_t:s0 
> tcontext=root:object_r:user_home_t:s0 tclass=file

  You're running SELinux, and you've configured it so that radiusd
doesn't have permission to read the certificate file.  Fix that.

> As you can see, the CA_files are different, since they are signed by 
> different certificate authorities. I have tried this configuration and 
> 777'ed each of the files to no avail.

  The "avc: denied { read }" says it's not a permissions issue.  Look
that text up on Google, and you'll see more.

> Is the configuration I'm trying to implement possible? Any help that you 
> can offer would be greatly appreciated!

  There's nothing in FreeRADIUS or SSL that is preventing the
configuration from working.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list