Multiply CA and CA-Chain not working in Freeradius2

Alan DeKok aland at
Thu Jan 18 20:26:41 CET 2018

On Jan 18, 2018, at 1:45 PM, Gladewitz, Robert via Freeradius-Users <freeradius-users at> wrote:
> i try to use tls with two ca. One ca have a CA chain and i concat all in one
> pem file. Then the following error can be found on authentication:

  That's the client giving up on the server.  It's not an error on the server.

> If I use both certiface in a own file, it will work fine for the configuring
> certificate. 

  Then that's the thing to do.

> Is thre same rules about ordering.

  OpenSSL reads the certificate file in order.

> Or are certificate with different SHA hashes not compatible?

  Since it works when they're in different files, they are compatible.

  In the end.. upgrade to v3.  It has a large number of things fixed.  And, has some work-arounds for OpenSSL issues with auto-chaining of certificates.

  Alan DeKok.

More information about the Freeradius-Users mailing list