About the file pointed at by setting "certificate_file"
Alan DeKok
aland at deployingradius.com
Mon Sep 8 14:31:14 CEST 2014
Axel Luttgens wrote:
> It "works", in the sense that a client connecting thru TTLS receives both certificates, which is exactly what I want. :-)
OK.
> Now, it is true that I currently don't implement TLS.
What does that mean? EAP-TLS is enabled in v3 by adding a "tls {...}"
block to mods-available/eap. Then, creating client certificates and
adding them to the clients.
> Putting above comments together, it seems that I could thus comment out the "ca_file = ..." line,
> and merge both certificates, my_server_cert.pem and my_root_ca_cert.pem, into a single file, say "my_combined_certs". And then define:
> certificate_file = /path/to/my_combined_certs
To do what?
> What format(s) is (are) allowed by FR for that file "my_combined_certs"?
Whatever formats are allowed by OpenSSL. FreeRADIUS doesn't implement
SSL itself.
> Would a simple cat of the two certificates (currently in PEM format) be sufficient?
How about trying it?
Alan DeKok.
More information about the Freeradius-Users
mailing list