FR 3.0.21 on Debian Buster delivering strange cert+chain?

Sven Hartge sven at
Wed Jul 15 12:53:47 CEST 2020

On 15.07.20 12:33, Martin Pauly wrote:

> I'm getting an obscure effect with FR 3.0.21 on a fresh Debian Buster 
> installation
> (I compiled myself from the download package).
> Despite an identical config (as compared to the predecessor with FR 
> 3.017 on Debian Jessie),
> some clients will not match the server cert to the chain provided.
> Seemingly, these are all Apple supplicants and also eapol_test, see 
> attached output
> Any idea what's going wrong?

Is "auto_chain" on in your eap module?

I found that quite often OpenSSL is not able to build the correct chain 
itself and I just switch it off completely via "auto_chain = no" and 
provide the complete (minus root-cert) chain myself via "certificate_file".


More information about the Freeradius-Users mailing list