Two questions about EAP-TLS

Norman Elton normelton at
Mon Aug 13 19:29:03 CEST 2018

We've been running PEAP + MS-CHAPv2 for many, many years. We're beginning to
experiment with EAP-TLS, and have two questions ...

- My certificates are generated by an intermediate CA. It appears I
need to put both the root and intermediate CA into the CA_file
(ca.pem)? I was expecting to put the root CA somewhere else, to
indicate that it is only used to trust the intermediate.

- It seems that FreeRADIUS won't start if I comment out the
certificate_file and private_key_file. My understanding is that these
are only used for MS-CHAPv2, and are irrelevant in an EAP-TLS
environment. Correct me if I'm wrong here. Should I just leave these
as self-signed dummy certificates?


