FreeRADIUS EAP-TLS and SSL certificate chains

tnt at tnt at
Thu Feb 19 13:40:37 CET 2009

>I was incorrect about us doing EAP-TLS. We're doing EAP-PEAP, which does
>not require a client certificate. My understanding however is that for
>passing of the server certificate to validate our server to the clients
>the options with the tls subsection of the eap.conf file are still used.

For that you need to export just the intermediate certificate used to
sign the server certificate onto the clients. They should have the root
one already.

Import intermediate certificate (.der or .crt version) onto a client.
Copy server.crt onto the client desktop and see if Windows recongnized
the chain.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list