Multiple SSL CA Files
Alan DeKok
aland at deployingradius.com
Thu Feb 15 03:00:59 CET 2007
Michael Courtney wrote:
> I would like to have two SSL certs on the Radius box: one, for the
> internal connections to our servers, and two, an SSL cert that one can
> verify as a trusted Root Authority for the TTLS connections.
>
> This is causing an issue right now on the server.
No, many people are doing what you want to do. It isn't a problem.
> Here's the output in the logs:
>
> Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied {
> read } for pid=10837 comm="radiusd"
> name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741
> scontext=root:system_r:radiusd_t:s0
> tcontext=root:object_r:user_home_t:s0 tclass=file
You're running SELinux, and you've configured it so that radiusd
doesn't have permission to read the certificate file. Fix that.
> As you can see, the CA_files are different, since they are signed by
> different certificate authorities. I have tried this configuration and
> 777'ed each of the files to no avail.
The "avc: denied { read }" says it's not a permissions issue. Look
that text up on Google, and you'll see more.
> Is the configuration I'm trying to implement possible? Any help that you
> can offer would be greatly appreciated!
There's nothing in FreeRADIUS or SSL that is preventing the
configuration from working.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
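
An added example, not part of the original message: a small Python parser for the AVC record quoted above. It pulls out the source domain (`radiusd_t`) and the label on the certificate file (`user_home_t`), which is what the denial is about; the function names are illustrative.

```python
import re

# The denial quoted in the message above, re-joined onto one line.
SAMPLE = ('Feb 14 12:47:26 radius kernel: audit(1171478846.538:8): avc: denied '
          '{ read } for pid=10837 comm="radiusd" '
          'name="radius.lawrencefreenet.org.crt" dev=dm-0 ino=1310741 '
          'scontext=root:system_r:radiusd_t:s0 '
          'tcontext=root:object_r:user_home_t:s0 tclass=file')

AVC_RE = re.compile(
    r'avc:\s+(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'not an SELinux context: {ctx!r}')
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if 'scontext' not in fields or 'tcontext' not in fields:
        return None
    return {
        'verdict': m.group('verdict'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'tclass': fields.get('tclass'),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
    }

def summarize(line):
    """One-line reading of a record: who was denied what, on which label."""
    rec = parse_avc(line)
    if rec is None:
        return 'not an AVC record'
    return (f"{rec['comm']} (domain {rec['source']['type']}) {rec['verdict']} "
            f"{','.join(rec['perms'])} on {rec['tclass']} {rec['name']} "
            f"labelled {rec['target']['type']}: an SELinux label decision, "
            f"not a file-mode check")
```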