Free Radius 2.1.10 ubuntu 10.10 Multiple RootCA
Alan DeKok
aland at deployingradius.com
Tue Oct 25 17:29:59 CEST 2011
Kris Armstrong wrote:
> I am trying to configure free radius with multiple ROOT CA's. This is
> not a products environment it is purely a test environment. We need the
> ability to test out products against freeradius and other radius
> servers. using multiple different certificate sizes and ROOT CA's.
That should work, but it all depends on OpenSSL.
> I currently have the following in my EAP.conf file. Based on the way I
> read the eap.conf file this would be the correct way of doing it. Here
> is what happens. I can authenticate against the first ROOT CA
Uh... your configuration is wrong.
> no matter
> which one it is as long as its the first in the list. its like all other
> CA's are ignored.
They are ignored. The documentation does *not* say you can have
multiple "CA_file" entries.
Instead, put all of the CAs into one file. Or, put the certs into
their own files, delete the CA_file entry, and configure CA_path.
> I had read on another forum that in order to support multiple ROOT CAs
> you just put them all in the same file. I tried this as well with just
> the certs as well as with the certs and the private keys neither seemed
> to work.
I don't understand what that means. You put *what* into one file?
Just the certs? Or the certs and private keys? If so, why?
Alan DeKok.
More information about the Freeradius-Users
mailing list