Sending CA certificate during EAP-TLS
Reimer Karlsen-Masur, DFN-CERT
karlsen-masur at dfn-cert.de
Wed Jun 20 13:23:32 CEST 2007
Hi,
in the file referenced by the option variable "certificate_file" in the tls
section only put the server certificate (and optionally the private key) of
your RADIUS server.
i.e. don't put ca certificates of the chain into that file.
I don't know how to prevent the client from sending CA path certificates....
Rafa Marin wrote:
> Hi all,
>
> Is there any way to configure free radius + eap-tls module to avoid to
> send CA certificate during EAP-TLS negotiation? As Free Radius is
> sending it right now EAP-TLS packets get fragmented and I would like to
> avoid it.
--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur
DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5853 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070620/6dc9a02d/attachment.bin>
More information about the Freeradius-Users
mailing list