using SSL certs with EAP-TLS
Matthew Newton
mcn4 at leicester.ac.uk
Tue Apr 5 18:31:06 CEST 2016
On Tue, Apr 05, 2016 at 05:03:34PM +0200, Wouter wrote:
> Ok, thanks, I understand. I added OCSP checking with
> ocsp {
>     enable = yes
>     override_cert_url = no
>     url = "http://ocsp.startssl.com/sub/class1/client/ca"
> }
> but it didn't work, exited with the error "Error: OCSP response has
> wrong nonce value". The site https://blog.pki.dfn.de/tag/freeradius/
> helped me make it work with the hint to add "use_nonce = no".
Which is documented right next to the other OCSP options you set :)
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-available/eap#L503-L516
Note the security warning in that text.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
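
Added example, not part of the original message and not FreeRADIUS code: a small Python check that reads the ocsp block of an eap module configuration and reports when the "use_nonce = no" workaround from this thread is active. The function names and the sample configuration are constructed, and the defaults used for absent keys (enable = no, use_nonce = yes) are assumptions.

```python
import re

# Constructed sample: the ocsp block quoted in the thread, plus the
# "use_nonce = no" workaround the poster says made it work.
SAMPLE = '''
ocsp {
    enable = yes
    override_cert_url = no
    url = "http://ocsp.startssl.com/sub/class1/client/ca"
    use_nonce = no   # workaround for "wrong nonce value"
}
'''

OPEN = re.compile(r'\s*ocsp\s*\{(.*)')
# key = "quoted value"  or  key = bare_value ; trailing comments are ignored
KV = re.compile(r'\s*(\w+)\s*=\s*(?:"([^"]*)"|([^\s#]+))')

def parse_ocsp_block(text):
    """Return the settings of the first ocsp { ... } section, or None if absent."""
    settings, inside = {}, False
    for line in text.splitlines():
        if not inside:
            m = OPEN.match(line)      # commented-out "# ocsp {" does not match
            if not m:
                continue
            inside, line = True, m.group(1)   # keep anything after the brace
        if line.strip().startswith("}"):
            return settings
        m = KV.match(line)
        if m:
            settings[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return settings if inside else None

def audit_ocsp(text):
    """Return a list of findings for the ocsp section of an eap config."""
    s = parse_ocsp_block(text)
    # Assumption: an absent "enable" means OCSP checking is off.
    if s is None or s.get("enable", "no") != "yes":
        return ["OCSP checking is not enabled"]
    findings = []
    # Assumption: an absent "use_nonce" means the nonce is sent and checked.
    if s.get("use_nonce", "yes") == "no":
        findings.append("use_nonce = no: responses are not tied to this "
                        "request, so a captured older response can be replayed")
    return findings

if __name__ == "__main__":
    for finding in audit_ocsp(SAMPLE):
        print("WARNING:", finding)
```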