chain certificate problem

A.L.M.Buxey at A.L.M.Buxey at
Fri Nov 8 15:09:19 CET 2013


> Thank you for your answer, but it doesn't work. I don't see where you can declarate this certificate. 
> There is field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable. 

well, ensure that FreeRADIUS can READ that file (chmod/file permissions)
and ensure it contains only valid data.

ensure that certificate_file contains the server cert, the intermediates
and the root CA (in a format that can be read - eg PEM/CRT) and
DONT use CA_file

if the client doesnt know/trust the root CA then it SHOULD complain.

use a deployment tool to get the root CA onto the client..ensure
your client has correct security settings (trust the CA, check the
commonname of the RADIUS certificate)


More information about the Freeradius-Users mailing list