chain certificate problem
Thierry Chich
thierry.chich at ac-clermont.fr
Thu Nov 7 09:43:16 CET 2013
Le mercredi 6 novembre 2013 21:59:26 Alan Buxey a écrit :
> Concatenate your root and intermediates and use those. Beware of using a cert dir and the CA path as if done incorrectly then someone could authenticate just by having a cert signed with the same root CA as your RADIUS server
>
> alan
>
Thank you for your answer, but it doesn't work. I don't see where you can declarate this certificate.
There is field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable.
My question is: is it a way to deal with a chain other than load the full chain in the client ?
--
Thierry CHICH
Responsable réseaux académiques
Equipe Réseaux/Pôle National de Compétence en Réseaux
Rectorat de Clermont-Ferrand - Centre Informatique Académique
Tel: 04.73.99.30.54
More information about the Freeradius-Users
mailing list