FreeRADIUS EAP-TLS Auth. Issues

SENECAUX Ludovic Ludovic.SENECAUX at lenord.fr
Tue Jan 23 15:49:27 UTC 2024


> My suggestion is to add the root and intermediate CAs to the "certificate_file", along with the server cert.  This configuration tells the server (and OpenSSL) that this particular root CA and this particular intermediate CA are trusted.
I already did that, but the issue is still there ...




-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+ludovic.senecaux=lenord.fr at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Tuesday, January 23, 2024 16:46
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: FreeRADIUS EAP-TLS Auth. Issues


On Jan 23, 2024, at 10:30 AM, SENECAUX Ludovic <Ludovic.SENECAUX at lenord.fr> wrote:
> It is the same virtual machine.

  OK.

> I reinstalled FR 3.0.20, and I saw the "reject_unknown_intermediate_ca" parameter does not exist in this version.
> If I add this to the eap configuration, it is not loaded when the server starts.

  Yes, it doesn't exist in 3.0.

> So, is the value 'yes' implicit in this branch ?

  No.  The default value is "no".

  You can check this by running the server in debug mode, and looking for that configuration.

  My suggestion is to add the root and intermediate CAs to the "certificate_file", along with the server cert.  This configuration tells the server (and OpenSSL) that this particular root CA and this particular intermediate CA are trusted.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
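
The bundle layout suggested in the thread (server cert, then intermediate CA, then root CA, all in the file named by "certificate_file") can be sanity-checked before restarting the server. The shell script below is an added example, not part of the thread or of FreeRADIUS; the function names and the throwaway demo certificates are made up, and it checks only issuer/subject name linkage with openssl, not signatures or expiry.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a PEM bundle meant for
# "certificate_file". Expected order: server cert, intermediate CA(s), root CA.
# Only issuer/subject name linkage is checked, not signatures or expiry.

# check_chain_order BUNDLE -> 0 if every cert's issuer is the next cert's
# subject and the last cert is self-issued (a root); 1 otherwise.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate (c1.pem, c2.pem, ...).
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/c" n ".pem") }' "$bundle"
    i=1; rc=0
    [ -f "$tmp/c1.pem" ] || rc=1            # no certificate found at all
    while [ -f "$tmp/c$i.pem" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/c$i.pem" -noout -issuer_hash)
        if [ -f "$tmp/c$next.pem" ]; then   # must chain to the next cert
            want=$(openssl x509 -in "$tmp/c$next.pem" -noout -subject_hash)
        else                                # last cert must be the root
            want=$(openssl x509 -in "$tmp/c$i.pem" -noout -subject_hash)
        fi
        if [ "$issuer" != "$want" ]; then
            echo "cert #$i: issuer does not match the next certificate" >&2
            rc=1
        fi
        i=$next
    done
    rm -rf "$tmp"
    return $rc
}

# make_demo_pki DIR: constructed throwaway root -> intermediate -> server chain
# (names are made up) so the check can be tried without real certificates.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    for pair in "inter:Demo Intermediate CA:root" "server:radius.example.test:inter"; do
        name=${pair%%:*}; rest=${pair#*:}; cn=${rest%%:*}; ca=${rest#*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$name.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
            -CAcreateserial -days 1 -out "$d/$name.pem" 2>/dev/null || return 1
    done
}
```

A bundle that skips the intermediate or lists the certificates out of order makes check_chain_order return non-zero and name the first certificate whose issuer does not link to the next one.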

