Sending CA certificate during EAP-TLS
Reimer Karlsen-Masur, DFN-CERT
karlsen-masur at dfn-cert.de
Fri Jun 29 10:33:21 CEST 2007
Hi.
Eshun Benjamin wrote:
>
> Well in my current configuration I have the RADIUS server certificate in
> certificate_file and CA certificate in CA_file.
>
> But with that configuration, the radius server is still sending the CA
> certificate.
>
> The CA_path folder is empty and the CA_file is commented out. This
> should work for you.
>
> tls {
> #
> # These are used to simplify later configurations.
> #
> certdir = ${raddbdir}/certs
> cadir = ${raddbdir}/certs/trustedCA
>
> private_key_password = whatever
> private_key_file = ${certdir}/server.pem
> certificate_file = ${certdir}/server.pem
>
> # Trusted Root CA list - CA_path folder is empty
> # CA_file = ${cadir}/ca.pem
> CA_path = ${raddbdir}/certs/trustedCA
If the configuration is as minimal as suggested (no chain certificates in
certificate_file) and FreeRadius is still sending the complete server CA
chain build, this must be some FreeRadius magic....
How do you check if FreeRadius is actually sending the chain?
--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur
DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
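
Added example, not part of the original message or of FreeRADIUS: one way to answer the question above from a capture is to reassemble the server's EAP-TLS fragments and count the entries in the TLS Certificate handshake message. It assumes TLS 1.0 to 1.2 (Certificate sent in the clear) and EAP packets already extracted from the RADIUS EAP-Message attributes; all function names are hypothetical, and the sample flight is constructed with placeholder bytes in place of real DER certificates.

```python
import struct
EAP_TYPE_TLS, FLAG_L, FLAG_M = 13, 0x80, 0x40  # EAP type 13; L and M flag bits

def reassemble_eap_tls(eap_packets):
    """Concatenate the TLS data carried in a run of EAP-TLS fragments."""
    out = b""
    for pkt in eap_packets:
        _code, _id, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
        if eap_type == EAP_TYPE_TLS:
            out += pkt[10 if flags & FLAG_L else 6:length]  # skip 4-byte TLS length if L set
    return out

def handshake_stream(tls_bytes):
    """Join the payloads of all TLS handshake records (content type 22)."""
    out, i = b"", 0
    while i + 5 <= len(tls_bytes):
        ctype, _ver, rlen = struct.unpack("!BHH", tls_bytes[i:i + 5])
        if ctype == 22:
            out += tls_bytes[i + 5:i + 5 + rlen]
        i += 5 + rlen
    return out

def certificate_lengths(hs):
    """Return the size of each certificate in the first Certificate message (type 11)."""
    i = 0
    while i + 4 <= len(hs):
        mtype, mlen = hs[i], int.from_bytes(hs[i + 1:i + 4], "big")
        body = hs[i + 4:i + 4 + mlen]
        if mtype == 11:
            certs, j, end = [], 3, 3 + int.from_bytes(body[:3], "big")
            while j + 3 <= end:
                certs.append(int.from_bytes(body[j:j + 3], "big"))
                j += 3 + certs[-1]
            return certs  # one entry: leaf only; more: chain/CA certs were sent
        i += 4 + mlen
    return []

def constructed_flight(certs, frag=64):
    """Constructed sample: EAP-Request fragments carrying ServerHello + Certificate."""
    lst = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    cert_msg = b"\x0b" + (len(lst) + 3).to_bytes(3, "big") + len(lst).to_bytes(3, "big") + lst
    hs = b"\x02\x00\x00\x04" + b"\x00" * 4 + cert_msg  # dummy ServerHello, then Certificate
    tls = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
    pkts = []
    for n, k in enumerate(range(0, len(tls), frag)):
        flags = (FLAG_L if n == 0 else 0) | (FLAG_M if k + frag < len(tls) else 0)
        body = bytes([EAP_TYPE_TLS, flags]) + (struct.pack("!I", len(tls)) if n == 0 else b"") + tls[k:k + frag]
        pkts.append(struct.pack("!BBH", 1, n, 4 + len(body)) + body)
    return pkts
```

A result with a single length means only the server certificate went out; two or more means the server appended chain or CA certificates.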