cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Reveal MAP
revealmapp at yahoo.fr
Fri Jul 25 12:05:14 CEST 2008
HOW TO FIX THE PROBLEM OF THE ISSUER of clients certificates in default configuration?
- this bug is suspected to make i can't do EAP-PEAP and affect the CRL management too. it's a real problem
----- Message d'origine ----
De : Alan DeKok <aland at deployingradius.com>
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Envoyé le : Jeudi, 24 Juillet 2008, 19h54mn 32s
Objet : Re: cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Sergio wrote:
> But the debug I posted shows that radius doesn't recognize the issuer of
> client cert using default certs. If default certs works and I don't need
> to install server.pem and ca.pem into ssl/certs dir, what I'm forgetting
> alan?
You need to follow the documentation in eap.conf.
# If CA_file (below) is not used, then the
# certificate_file below MUST include not
# only the server certificate, but ALSO all
# of the CA certificates used to sign the
# server certificate.
certificate_file = ${certdir}/server.pem
Have you done that?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080725/96230f78/attachment.html>
More information about the Freeradius-Users
mailing list