Certificate chain untrusted
Alan DeKok
aland at deployingradius.com
Wed Aug 2 12:27:07 UTC 2023
On Aug 2, 2023, at 3:18 AM, Maciej Kowalka <maciejkowalkati at gmail.com> wrote:
>> a) put certificates into the folder (and rehash as necessary)
>
> So I have both intermediate-ca.pem and ca.pem in the folder, do I need
> to c_rehash it? (in eap file rehash is mentioned only for CA and CRL)
An intermediate CA is still a CA. You still need to run c_rehash.
>> b) put the certificates into one file in order
>
> Do you mean like “cat intermediate-ca.pem ca.pem > int-ca_ca.pem”?
See mods-available/eap, "certificate_file". It has lots of comments.
>> What may be happening is that you don't have the intermediate certificate. i.e. only the end-user device has them. So perhaps double-check that.
>
> I do have the intermediate-ca.pem in the same folder as ca.pem, but
> don't know if I need to add something in the eap config file to let
> freeradius know it.
An intermediate CA is still a CA. All CAs go into "ca_path".
Alan DeKok.
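
Added example (not part of the original message and not FreeRADIUS code): a shell script that builds a constructed root CA, intermediate CA and leaf certificate, then uses `openssl verify -CApath` to show the chain is untrusted while only ca.pem is in the hashed directory and trusted once intermediate-ca.pem is added and the directory is rehashed. The certificate subjects, the helper function names and the `openssl rehash` fallback for systems without c_rehash are assumptions of the example.

```shell
#!/bin/sh
# Constructed test PKI: root CA -> intermediate CA -> leaf. All names are made up.
build_demo_pki() {  # $1 = empty working directory
    d=$1
    cat > "$d/cfg" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    new_req() {  # $1 = file basename, $2 = subject; writes a key and a CSR
        openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" \
            -keyout "$d/$1.key" -out "$d/$1.csr" -subj "$2" 2>/dev/null
    }
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/cfg" \
        -extensions v3_ca -subj "/CN=Constructed Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    new_req intermediate-ca "/CN=Constructed Intermediate CA" || return 1
    openssl x509 -req -in "$d/intermediate-ca.csr" -days 1 -set_serial 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -extfile "$d/cfg" \
        -extensions v3_ca -out "$d/intermediate-ca.pem" 2>/dev/null || return 1
    new_req leaf "/CN=client.example.test" || return 1
    openssl x509 -req -in "$d/leaf.csr" -days 1 -set_serial 2 \
        -CA "$d/intermediate-ca.pem" -CAkey "$d/intermediate-ca.key" \
        -out "$d/leaf.pem" 2>/dev/null
}

# Rehash the directory, then verify against it only. Exit status 0 = trusted.
verify_with_ca_path() {  # $1 = ca_path directory, $2 = certificate to check
    { c_rehash "$1" || openssl rehash "$1"; } >/dev/null 2>&1
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

demo() {
    w=$(mktemp -d) && build_demo_pki "$w" || return 1
    mkdir "$w/ca" && cp "$w/ca.pem" "$w/ca/"
    verify_with_ca_path "$w/ca" "$w/leaf.pem" \
        && echo "only ca.pem in ca_path: trusted" \
        || echo "only ca.pem in ca_path: chain untrusted"
    cp "$w/intermediate-ca.pem" "$w/ca/"  # the intermediate is a CA too
    verify_with_ca_path "$w/ca" "$w/leaf.pem" \
        && echo "ca.pem + intermediate-ca.pem, rehashed: trusted" \
        || echo "ca.pem + intermediate-ca.pem, rehashed: chain untrusted"
    rm -rf "$w"
}
demo
```

Running `ls -l` on the directory after the rehash shows one hash-named symlink per CA certificate; a CA file without such a link is not found by the lookup.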