Accepting expired CA using EAP-TLS

Michael Ströder michael at
Tue Sep 29 10:37:28 CEST 2015

Alexandros Gougousoudis wrote:
> I'am using FR 2.1.10 für EAP-TLS over Wifi. The problem is, that our CA
> has expired and I have to renew it (and it seems also all depending
> certs), but we're a little late with that. The Wifi-Clients can't
> connect anymore, because FR says that the CA has expired, which also
> means, I can't install them the new cert. Is there a dirty hack in EAP
> to make FR ignore this?

Note that your Wifi-Clients validate the CA cert chain either.
So you would need a dirty hack for all of them.

=> Fix your CA and conduct the CA cert rollout with higher priority instead of
wasting your time with dirty hacks opening security holes.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Freeradius-Users mailing list