chain certificate problem

Stefan Winter stefan.winter at
Thu Nov 7 12:38:39 CET 2013


> My question is: is it a way to deal with a chain other than load the full chain in the client ?

Yes. Append the intermediates after the *server* cert in the server
cert's file. That way, the intermediates get sent along during the EAP

The root CA must of course be pre-provisioned onto the client. There is
no point in sending it.


Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list