EAP-TLS with server and client certificates by different CA
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Aug 5 09:54:53 CEST 2015
Hi,
> CA_file = ${cadir}/eltex-ca.crt \
> ${certdir}/COMODORSADomainValidationSecureServerCA.crt \
> ${certdir}/COMODORSAAddTrustCA.crt \
> ${certdir}/AddTrustExternalCARoot.crt
errr? no. CA_File is just a file. put one entry there. perhaps you can use a file with all of these concatenated
but the usual way is
1) have all your certs in the certdir
2) for the certificate_file entry, eg PEAP, have the server cert, its intermediates and the root in there
3) for CA_File, used for EAP-TLS, put your private CA in there
finally, think about not using a public root for your PEAP anyway
alan
More information about the Freeradius-Users
mailing list