WPA Enterprise Certificate renewal for FreeRadius

Mike Diggins mike.diggins at mcmaster.ca
Mon Jan 9 18:42:51 CET 2012

I use a Thawte Premium Server CA for my WPA2 Enterprise freeradius 
authentication certificate currently. My eap.conf 'certificate file' 
contains the certificate only, not the root and/or intermediates. That 
seems to be ok, since most clients already have the Thawte Root 
certificate installed.

I renewed the new certificate just recently and discovered that Thawte is 
no longer issuing certificates under the old root so my clients will 
likely be asked to trust the new certificate when I install it. All my 
documentation changes as well but that's another story.

My question is, what is the value of adding the roots/intermediates to the 
certificate file i.e certificate_file = ${certdir}/certificate.crt? Does 
it really allow a client without the Root already installed to verify this 


More information about the Freeradius-Users mailing list