EAP-TLS unable to get local issuer certificate
Alan DeKok
aland at deployingradius.com
Thu Jun 8 09:54:46 UTC 2023
On Jun 8, 2023, at 11:41 AM, MH <h33927318 at gmail.com> wrote:
> FreeRadius debug log says that certificate is untrusted. I don't know what
> are conditions which result in this decision.
> As I wrote earlier, I did not find any other openat(), so I think there
> were no other CA checks in chain (b6296c9d.0 contains intermediate CA).
Each file in the ca_path must contain only one certificate. This is an OpenSSL limitation.
The ca_path directory must contain all CA certificates used to create the client certificate.
If you put multiple CAs into one file, then you must use the "ca_file" configuration for FreeRADIUS, not "ca_path".
This is all documented.
Alan DeKok.
More information about the Freeradius-Users
mailing list