chain certificate problem
Stefan Winter
stefan.winter at restena.lu
Thu Nov 7 12:38:39 CET 2013
Hi,
> My question is: is it a way to deal with a chain other than load the full chain in the client ?
Yes. Append the intermediates after the *server* cert in the server
cert's file. That way, the intermediates get sent along during the EAP
conversation.
The root CA must of course be pre-provisioned onto the client. There is
no point in sending it.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131107/8f626933/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131107/8f626933/attachment.pgp>
More information about the Freeradius-Users
mailing list