Troubleshooting EAP-TLS with External Certificates

Matthew Newton mcn4 at
Thu Sep 15 23:25:15 CEST 2016

On Thu, Sep 15, 2016 at 02:11:22PM -0700, Matthew West wrote:
> Off to learning CRLs and removing all non-EAP-TLS authentication
> mechanisms.

If you haven't already, check your config into git/svn/whatever so
you can go back to a working version if you break it. It helps,

> After that, I should have the server functioning the way
> that was requested of me.

Just a last reminder that because you're using public certs, you
need to be *very* careful you don't let unwanteds in. For example,
check that another certificate with the subject
from the same CA won't validate.

> Thank you all for helping me along.

Good you've got it working. FreeRADIUS has very flexible and
powerful config but it can sometimes take a while to get your head
around it when you're not doing the very basics.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list