CA Dir

Jeffrey Sewell jeffrey.sewell at gmail.com
Fri Jan 19 20:06:17 CET 2007


In the eap.conf, tls section, the comments say to use the 'CA_path'
variable in the radiusd.conf file to indicate where the trusted CA
chain will reside. However, this variable isn't in the tls section of
the radiusd.conf (it is in the LDAP section, but I'm pretty sure that
won't help me) file or the eap.conf file (where I thought it might
have moved). As an experiment, I added it to eap.conf and it loaded ok
with the following output:

tls: CA_path = "/usr/local/etc/raddb/certs/rootCA"
...
tls: CA_file = "(null)"

Unfortunately the CA_file is the imporant one as I discovered when I
tested the link:

Fri Jan 19 09:51:05 2007 : Error: TLS Alert write:fatal:unknown CA

So where is the appropriate place for the root chain?

--Jeffrey



More information about the Freeradius-Users mailing list