FreeRADIUS EAP-TLS and SSL certificate chains
tnt at kalik.net
tnt at kalik.net
Fri Feb 20 11:13:32 CET 2009
>So there is no way at all to get the client to pick up the cert chain
>without directly installing the intermediate cert on it?
No.
>Is this
>actually a client issue of it refusing to use chains for this then,
>rather than a FreeRADIUS issue of it not passing the chain?
Yes.
>Thanks very much for all your help. This only came up because Verisign
>have stopped issuing directly root-signed certs, as have the other major
>cert authorities, it would seem. Our previous cert was directly root
>signed, and thus worked fine. I (possibly foolishly) assumed that if all
>the major CAs were shifting to chained certs for everything that the
>majority of clients using ssl supported them as well.
Have a look at RapidSSL/Geo Trust.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list