How to activate the certificate revocation list I created

Josh Hiner josh at
Mon Jun 8 14:46:04 CEST 2009

Just wondering if anyone out there is able to provide any feedback on 
this? Sorry to bother. I just cant find any consistent documentation or 
examples out there. I have the crl created, just need to know how to 
implement the crl.pem correctly.


> Hello, I have been searching for documentation on activating a 
> certificate revocation list I just created with openssl. It is a 
> crl.pem signed by my ca cert. I just need freeradius to reference it 
> so that the one certificate I revoked gets denied on authentication.
> Here is what I have so far in my eap.conf (I am running freeradius 
> 2.1.3 on REHL)
> crl_file = ${raddbdir}/certs/makecertificates/issued/crl.pem
> check_crl = yes
> CA_path = ${raddbdir}/certs/makecertificates/issued/
> Are these lines correct? Are any lines I have up there unnecessary? 
> Also, do I need to have my CA certificate in the same directory as the 
> crl.pem file? It seems to hint towards that in the eap.conf file.
> Thanks for any help
> -
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list