chain certificate problem

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Nov 8 15:09:19 CET 2013


Hi,

> Thank you for your answer, but it doesn't work. I don't see where you can declare this certificate.
> There is a field CAfile, but it is related to the authentication of the client (EAP-TLS). Furthermore, if I use this field with all the certificates concatenated, freeradius complains it is not readable.

well, ensure that FreeRADIUS can READ that file (chmod/file permissions)
and ensure it contains only valid data.

ensure that certificate_file contains the server cert, the intermediates
and the root CA (in a format that can be read - e.g. PEM/CRT) and
DON'T use CA_file

if the client doesn't know/trust the root CA then it SHOULD complain.

use a deployment tool to get the root CA onto the client. ensure
your client has correct security settings (trust the CA, check the
common name of the RADIUS certificate)

alan
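
The two checks from the reply above (the file is readable, and it contains only valid data), as an added example that is not part of the original post or of FreeRADIUS. The function names are hypothetical, and the check is structural only: it confirms each CERTIFICATE block is valid base64 wrapping one DER SEQUENCE, not that the chain is in order or trusted.

```python
import base64
import os
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_sequence_ok(der):
    """True if der is exactly one ASN.1 SEQUENCE whose length covers the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                        # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                        # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_bundle(path):
    """Return (certificate_count, problems) for a concatenated PEM file."""
    if not os.access(path, os.R_OK):
        return 0, ["file is not readable by this user"]
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    problems, count = [], 0
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        if label != "CERTIFICATE":
            continue                        # other blocks (e.g. a key) are skipped, not judged
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"block {count + 1}: invalid base64")
            continue
        count += 1
        if not der_sequence_ok(der):
            problems.append(f"block {count}: not a well-formed DER SEQUENCE")
    # Anything left once complete blocks are removed is stray or truncated data.
    if PEM_BLOCK.sub("", text).strip():
        problems.append("stray data outside PEM blocks")
    return count, problems

if __name__ == "__main__":
    import sys
    print(check_bundle(sys.argv[1]))        # path to the bundle under test
```

Run it as the account the RADIUS daemon runs under, since the readability check reflects the calling user's permissions.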

