EAP-TLS CRL checking when multiple CAs used

Martin Čmelík martin.cmelik at gmail.com
Mon Nov 14 10:43:11 CET 2011

Hi Alan,

I did, there is nothing about it.

Only this:

#  Check the Certificate Revocation List
#  1) Copy CA certificates and CRLs to same directory.
#  2) Execute 'c_rehash <CA certs&CRLs Directory>'.
#    'c_rehash' is OpenSSL's command.
#  3) uncomment the line below.
#  5) Restart radiusd
#       check_crl = yes

We have all CAs in ca.pem and CRL lists in separate file
crl1.pem+.der, crl2.pem+.der, ect...


that's what I did.
OK I will try to do same thing with previous configuration. Maybe that
I miss something.

Thank you

Martin Čmelík

2011/11/14 Alan DeKok <aland at deployingradius.com>:
> Martin Čmelík wrote:
>> Question is: When Freeradius receive user certificate how daemon find
>> correct CRL list in certs directory?
>  Read raddb/eap.conf.  This is documented.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list