FR 3.0.21 on Debian Buster delivering strange cert+chain?
Sven Hartge
sven at svenhartge.de
Wed Jul 15 12:53:47 CEST 2020
On 15.07.20 12:33, Martin Pauly wrote:
> I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster
> installation
> (I compiled myself from the download package).
> Despite an identical config (as compared to the predecessor with FR
> 3.017 on Debian Jessie),
> some clients will not match the server cert to the chain provided.
> Seemingly, these are all Apple supplicants and also eapol_test, see
> attached output
> Any idea what's going wrong?
Is "auto_chain" on in your eap module?
I found that quite often OpenSSL is not able to build the correct chain
itself and I just switch it off completely via "auto_chain = no" and
provide the complete (minus root-cert) chain myself via "certificate_file".
Grüße,
Sven.
More information about the Freeradius-Users
mailing list