FreeRADIUS EAP-TLS Auth. Issues

Alan DeKok aland at deployingradius.com
Tue Jan 23 15:45:52 UTC 2024


On Jan 23, 2024, at 10:30 AM, SENECAUX Ludovic <Ludovic.SENECAUX at lenord.fr> wrote:
> It is the same virtual machine.

  OK.

> I reinstalled FR 3.0.20, and I saw the "reject_unknown_intermediate_ca" parameter does not exist in this version.
> If I add this to the eap configuration, it is not loaded when the server starts.

  Yes, it doesn't exist in 3.0.

> So, is the value 'yes' implicit in this branch?

  No.  The default value is "no".

  You can check this by running the server in debug mode, and looking for that configuration.

  My suggestion is to add the root and intermediate CAs to the "certificate_file", along with the server cert.  This configuration tells the server (and OpenSSL) that this particular root CA and this particular intermediate CA are trusted.

  Alan DeKok.
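
One way to assemble and sanity-check the combined file suggested above, as an added example that is not part of the original post. File names are hypothetical, and the server-first ordering is an assumption based on how OpenSSL normally reads a PEM chain file; the check compares issuer and subject names only and does not verify signatures.

```shell
#!/bin/sh
# Added example: build and sanity-check a PEM bundle for "certificate_file".
# Assumption: order is server cert, then intermediate CA, then root CA.

# build_bundle SERVER INTERMEDIATE ROOT OUT
build_bundle() {
    cat "$1" "$2" "$3" > "$4"
}

# check_bundle BUNDLE
# Returns 0 when each certificate is issued by the one that follows it and
# the last certificate is self-issued (a root). Name chaining only.
check_bundle() {
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    # Anything outside a CERTIFICATE block (e.g. a private key) is skipped.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert." n }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
    i=1; rc=0
    [ -f "$tmp/cert.1" ] || rc=1          # no certificate found at all
    while [ -f "$tmp/cert.$i" ]; do
        next=$((i + 1))
        # The expected issuer is the next cert, or the cert itself if last.
        if [ -f "$tmp/cert.$next" ]; then parent="$tmp/cert.$next"
        else parent="$tmp/cert.$i"; fi
        issuer=$(openssl x509 -in "$tmp/cert.$i" -noout -issuer \
                 -nameopt RFC2253 | sed 's/^issuer=//')
        subject=$(openssl x509 -in "$parent" -noout -subject \
                  -nameopt RFC2253 | sed 's/^subject=//')
        if [ "$issuer" != "$subject" ]; then
            echo "cert $i: issuer '$issuer' != expected '$subject'" >&2
            rc=1
        fi
        i=$next
    done
    rm -rf "$tmp"
    return $rc
}

# Usage: sh bundle.sh server.pem intermediate.pem root.pem bundle.pem
if [ "$#" -eq 4 ]; then
    build_bundle "$1" "$2" "$3" "$4" && check_bundle "$4"
fi
```

After the bundle passes, point "certificate_file" at it and confirm in the debug output that the server loaded that path.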


