Migrating to a new server from 2.x to 3.0.4 CentOS 7
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jul 2 00:05:53 CEST 2015
> On 1 Jul 2015, at 17:46, Kris Armstrong <kris.armstrong at me.com> wrote:
>
> There are no intermediate its a single Root CA and it is set
>
> My EAP file TLS Section
>
> I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
>
> ca_file = ${cadir}/ca.pem
>
> # Customer CA Files:
> ca_file = ${cadir}/00374255/root_ca.pem
>
> # FNET CA Files:
> ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem
> ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
Um, no, that's not how you configure them.
You need to concatenate them all the CAs into the same file, as I said before. Or use the ca_path config item and specify a directory that holds the Ca files.
You for 3.0.8 need to install the openssl-devel rpm to build from source.
Could you provide your config.log so we can try and fix it to produce a more user friendly error.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150701/39e7c2a5/attachment-0001.sig>
More information about the Freeradius-Users
mailing list