TLS with intermediate certificate issue
Alan DeKok
aland at deployingradius.com
Tue Jul 26 15:43:54 UTC 2022
On Jul 26, 2022, at 10:21 AM, Young Yoon <yyoon99 at gmail.com> wrote:
> Thanks. I was able to get the log as instructed (but message being held
> it's too long).
If you convert it to HTML, yes. Just post text.
> I can confirm that there's no OpenSSL version change (1.1.1) in our product
> and the only change is the freeRadius 3.0.21 to 3.0.25.
>
> Looks like the root CA (microsoft private CA) is not being trusted by
> default (as it was in 3.0.21)
No. FreeRADIUS doesn't come with any private CAs by default. No CAs are trusted by default.
You have to configure the CAs in the raddb/certs directory.
> if using the intermediate certificate for TLS
> auth. The simple workaround is just install the root CA as ca trust store
> in freeRadius, but just curious if this behavior is going forward in the
> future or not.
You've always had to configure the root CA in FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list