FreeRADIUS EAP-TLS Auth. Issues
Alan DeKok
aland at deployingradius.com
Tue Jan 23 14:08:24 UTC 2024
On Jan 23, 2024, at 8:51 AM, SENECAUX Ludovic <Ludovic.SENECAUX at lenord.fr> wrote:
>
> I set "auto_chain = yes" ; the result is the same.
>
>> ca_file = ${cadir}/chain.pem
> This file already contains rootca and subca certificates.
OK, that's good.
>>> Certificate chain - 1 cert(s) untrusted
>>> (TLS) untrusted certificate with depth [1] subject name /CN=SubCA
>>> (TLS) untrusted certificate with depth [0] subject name /CN=device
>> Which certificates are those for? rootca.pem? subca.pem?
>
> The device cert is signed by subca, which is signed by rootca.
Except the rootca isn't printed out in that list. So for some reason it's not loading the rootca.
Alan DeKok.
More information about the Freeradius-Users
mailing list