chain certificate problem

Thierry Chich thierry.chich at
Thu Nov 7 09:43:16 CET 2013

Le mercredi 6 novembre 2013 21:59:26 Alan Buxey a écrit :
> Concatenate your root and intermediates and use those.  Beware of using a cert dir and the CA path as if done incorrectly then someone could authenticate just by having a cert signed with the same root CA as your RADIUS server
> alan

Thank you for your answer, but it doesn't work. I don't see where you can declarate this certificate. 
There is field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable. 

My question is: is it a way to deal with a chain other than load the full chain in the client ?

Thierry CHICH
Responsable réseaux académiques
Equipe Réseaux/Pôle National de Compétence  en Réseaux
Rectorat de Clermont-Ferrand - Centre Informatique Académique

More information about the Freeradius-Users mailing list