Quick question RE: FreeRADIUS Trusted Root CA List

Jayal1972 joakim.lindgren at gmail.com
Tue Feb 5 00:10:23 CET 2008 

Hola,
maybe of the point but you can use openssl´s built in tools to check CA,
server and client certificates.

> openssl "s_client" or "s_server"

 // J





Cerney, Lawrence wrote:
> 
> I work in a test environment and need to test with certs created with
> different CA's.  I haven't been able to get more than one CA at a time
> to work. I've got 8 CA's and I need to keep 7 commented out for the
> certs to authenticate.
> 
> The question is can FreeRADIUS support more than one CA at a time, and
> if so how?
> 
> FreeRADIUS 1.0.0-Pre3
> 
> tls {
>                         private_key_password = password
>                         private_key_file = /etc/1x/freeradius.pem
>                         #private_key_file = /etc/1x/server512.pem
>                         #private_key_file = /etc/1x/server1024.pem
>                         #private_key_file = /etc/1x/server1024v3.pem
>                         #private_key_file = /etc/1x/server1536.pem
>                         #private_key_file = /etc/1x/server2048.pem
>                         #private_key_file = /etc/1x/server4096.pem
> 
>                         #  If Private key & Certificate are located in
>                         #  the same file, then private_key_file &
>                         #  certificate_file must contain the same file
>                         #  name.
>                         certificate_file = /etc/1x/freeradius.pem
>                         #certificate_file = /etc/1x/server512.pem
>                         #certificate_file = /etc/1x/server1024.pem
>                         #certificate_file = /etc/1x/server1024v3.pem
>                         #certificate_file = /etc/1x/server1536.pem
>                         #certificate_file = /etc/1x/server2048.pem
>                         #certificate_file = /etc/1x/server4096.pem
> 
>                         #  Trusted Root CA list
>                         CA_file = /etc/1x/FlukeNetWotter.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_512_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_768_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_1024_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_1280_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_1536_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_1792_CA.pem
>                         #CA_file =
> /usr/local/etc/raddb/certs/PV_2048_CA.pem
>                         dh_file = ${raddbdir}/certs/dh
>                         random_file = ${raddbdir}/certs/random
> thanks...
> 
> Larry
> 
> This message (including any attachments) contains confidential 
> and/or proprietary information intended only for the addressee.  
> Any unauthorized disclosure, copying, distribution or reliance on 
> the contents of this information is strictly prohibited and may 
> constitute a violation of law.  If you are not the intended 
> recipient, please notify the sender immediately by responding to 
> this e-mail, and delete the message from your system.  If you 
> have any questions about this e-mail please notify the sender 
> immediately.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://www.nabble.com/Quick-question-RE%3A-FreeRADIUS-Trusted-Root-CA-List-tp15233015p15279984.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

More information about the Freeradius-Users mailing list