WPA Enterprise Certificate renewal for FreeRadius

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Jan 9 21:13:32 CET 2012


> My question is, what is the value of adding the roots/intermediates to the 
> certificate file i.e certificate_file = ${certdir}/certificate.crt? Does 
> it really allow a client without the Root already installed to verify this 
> certificate?

for a client to validate a cert, it needs to already know and trust the CA
for that cert - otherwise one half of the trust relationship is gone.

IF you need to use an intermediate as well as the server cert, then by sending it
down the link to the client, you can ensure the client will be happy with
the server cert (so long as they trust the CA) if they havent already got
the intermediate.


More information about the Freeradius-Users mailing list