How to activate the certificate revocation list I created

Josh Hiner josh at
Fri Jun 5 23:01:42 CEST 2009

Hello, I have been searching for documentation on activating a 
certificate revocation list I just created with openssl. It is a crl.pem 
signed by my ca cert. I just need freeradius to reference it so that the 
one certificate I revoked gets denied on authentication.

Here is what I have so far in my eap.conf (I am running freeradius 2.1.3 
on REHL)

crl_file = ${raddbdir}/certs/makecertificates/issued/crl.pem
check_crl = yes
CA_path = ${raddbdir}/certs/makecertificates/issued/

Are these lines correct? Are any lines I have up there unnecessary? 
Also, do I need to have my CA certificate in the same directory as the 
crl.pem file? It seems to hint towards that in the eap.conf file.

Thanks for any help

More information about the Freeradius-Users mailing list