Migrating to a new server from 2.x to 3.0.4 CentOS 7
Kris Armstrong
kris.armstrong at me.com
Thu Jul 2 00:19:59 CEST 2015
This is the only CA that is required for the client cert
ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
I have commented out the others as they are have no ties to my client ca
> On Jul 1, 2015, at 4:05 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
>> On 1 Jul 2015, at 17:46, Kris Armstrong <kris.armstrong at me.com> wrote:
>>
>> There are no intermediate its a single Root CA and it is set
>>
>> My EAP file TLS Section
>>
>> I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
>>
>> ca_file = ${cadir}/ca.pem
>>
>> # Customer CA Files:
>> ca_file = ${cadir}/00374255/root_ca.pem
>>
>> # FNET CA Files:
>> ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem
>> ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
>
> Um, no, that's not how you configure them.
>
> You need to concatenate them all the CAs into the same file, as I said before. Or use the ca_path config item and specify a directory that holds the Ca files.
>
> You for 3.0.8 need to install the openssl-devel rpm to build from source.
>
> Could you provide your config.log so we can try and fix it to produce a more user friendly error.
>
> -Arran
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS development team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list