Two questions about EAP-TLS
Norman Elton
normelton at gmail.com
Mon Aug 13 19:29:03 CEST 2018
We've been running PEAP + MS-CHAPv2 for many many years. Beginning to
experiment with EAP-TLS, and have two questions ...
- My certificates are generated by an intermediate CA. It appears I
need to put both the root and intermediate CA into the CA_file
(ca.pem)? I was expecting to put the root CA somewhere else, to
indicate that it is only used to trust the intermediate.
- It seems that FreeRADIUS won't start if I comment out the
certificate_file and private_key_file. My understanding is that these
are only used for MS-CHAPv2, and are irrelevant in an EAP-TLS
environment. Correct me if I'm wrong here. Should I just leave these
as self-signed dummy certificates?
Thanks,
Norman
More information about the Freeradius-Users
mailing list