Free Radius 2.1.10 ubuntu 10.10 Multiple RootCA

John Dennis jdennis at redhat.com
Tue Oct 25 22:59:38 CEST 2011


On 10/25/2011 11:07 AM, Kris Armstrong wrote:
> I am trying to configure free radius with multiple ROOT CAs. This is
> not a products environment; it is purely a test environment. We need the
> ability to test out products against freeradius and other radius
> servers, using multiple different certificate sizes and ROOT CAs.
>
> I currently have the following in my EAP.conf file. Based on the way I
> read the eap.conf file this would be the correct way of doing it. Here
> is what happens. I can authenticate against the first ROOT CA no matter
> which one it is, as long as it's the first in the list. It's like all other
> CAs are ignored. In the below, as you can see, I have commented out the
> first few ROOT CAs and the 1024ca.pem is the current first in the list.
> I am able to authenticate against this one but none past. If I comment
> out 1024 then I can authenticate against the next. Any help would be
> greatly appreciated.
>
> I had read on another forum that in order to support multiple ROOT CAs
> you just put them all in the same file. I tried this as well, with just
> the certs as well as with the certs and the private keys; neither seemed
> to work. I believe that was on a Radius 1.x server though so maybe

I've reread this email several times and don't understand it; from an
SSL/TLS perspective it doesn't make a lot of sense. Perhaps if you
explained what you're trying to accomplish (in detail) or what you're
expecting to happen it would help. I also think it might benefit you if
you brushed up on the role of a server cert, a server private key, and CA
validation. Then go back and read the comments in eap.conf; I think
you'll find your answer without having to come back to the list for help.


-- 
John Dennis <jdennis at redhat.com>
