cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

Alan DeKok aland at deployingradius.com
Thu Jul 24 21:54:32 CEST 2008


Sergio wrote:
> But the debug I posted shows that radius doesn't recognize the issuer of
> client cert using default certs. If default certs works and I don't need
> to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting
> alan?

  You need to follow the documentation in eap.conf.

			#  If CA_file (below) is not used, then the
			#  certificate_file below MUST include not
			#  only the server certificate, but ALSO all
			#  of the CA certificates used to sign the
			#  server certificate.
			certificate_file = ${certdir}/server.pem

  Have you done that?

  Alan DeKok.



More information about the Freeradius-Users mailing list