About the file pointed at by setting "certificate_file"

Alan DeKok aland at deployingradius.com
Mon Sep 8 14:31:14 CEST 2014

Axel Luttgens wrote:
> It "works", in the sense that a client connecting thru TTLS receives both certificates, which is exactly what I want. :-)


> Now, it is true that I currently don't implement TLS.

  What does that mean?  EAP-TLS is enabled in v3 by adding a "tls {...}"
block to mods-available/eap.  Then, creating client certificates and
adding them to the clients.

> Putting above comments together, it seems that I could thus comment out the "ca_file = ..." line,
> and merge both certificates, my_server_cert.pem and my_root_ca_cert.pem, into a single file, say "my_combined_certs". And then define:
> 		certificate_file = /path/to/my_combined_certs

  To do what?

> What format(s) is (are) allowed by FR for that file "my_combined_certs"?

  Whatever formats are allowed by OpenSSL.  FreeRADIUS doesn't implement
SSL itself.

> Would a simple cat of the two certificates (currently in PEM format) be sufficient?

  How about trying it?

  Alan DeKok.

More information about the Freeradius-Users mailing list