FreeRADIUS EAP-TLS and SSL certificate chains

tnt at tnt at
Fri Feb 20 11:13:32 CET 2009

>So there is no way at all to get the client to pick up the cert chain
>without directly installing the intermediate cert on it?

>Is this
>actually a client issue of it refusing to use chains for this then,
>rather than a FreeRADIUS issue of it not passing the chain?


>Thanks very much for all your help. This only came up because Verisign
>have stopped issuing directly root-signed certs, as have the other major
>cert authorities, it would seem. Our previous cert was directly root
>signed, and thus worked fine. I (possibly foolishly) assumed that if all
>the major CAs were shifting to chained certs for everything that the
>majority of clients using ssl supported them as well.

Have a look at RapidSSL/Geo Trust.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list