Use this in eap.conf:
CA_file = /path/to/certs/ca-cert.pem
ca-cert.pem should contain the certificate, but not the private key, of your CA.
Michael
Jon Franklin wrote:
I've managed to get freeradius 1.0.1 working with EAP-TTLS, PEAP, and TLS (mostly), but I found that with EAP-TLS, I can use any client certificate I want, and freeradius will allow the client through. This presents a major security hole in my configuration, and I can't seem to figure out how to lock it down.

Is there a way to configure freeradius to only accept client certs issued by a specific CA? Either that or only allow a specific set of certs (say, copies of the certs in a directory, for example)? Either way would be fine for my purposes.
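An offline check of what pinning CA_file to a single CA means, as an added example that is not part of the original thread: it builds two throwaway CAs with the openssl command line, issues one client certificate from each, and verifies both against the CA that would go in CA_file. All names (trusted-ca, other-ca, insider, outsider) and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Added example: every key and certificate here is a throwaway, created in a temp dir.

# make_ca <dir> <name>: create a self-signed CA (key + certificate) called <name>.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" 2>/dev/null
}

# issue_client <dir> <ca-name> <client-name>: issue a client cert signed by that CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3-key.pem" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 1 \
        -CA "$1/$2-cert.pem" -CAkey "$1/$2-key.pem" -CAcreateserial \
        -out "$1/$3-cert.pem" 2>/dev/null
}

# chains_to_ca <ca-cert.pem> <client-cert.pem>: exit 0 only if the client cert
# verifies against the given CA certificate file.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ca_file_has_no_key <pem>: exit 0 if the file is readable and holds no private key,
# which is what the reply asks of ca-cert.pem.
ca_file_has_no_key() {
    [ -r "$1" ] && ! grep -q 'PRIVATE KEY' "$1"
}

# demo: a cert from the pinned CA verifies, a cert from any other CA does not.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" trusted-ca && make_ca "$d" other-ca
    issue_client "$d" trusted-ca insider && issue_client "$d" other-ca outsider
    for c in insider outsider; do
        if chains_to_ca "$d/trusted-ca-cert.pem" "$d/$c-cert.pem"; then
            echo "$c: chains to trusted-ca"
        else
            echo "$c: does not chain to trusted-ca"
        fi
    done
    rm -rf "$d"
}

demo
```

Running chains_to_ca and ca_file_has_no_key against the real ca-cert.pem and a sample client certificate before restarting the server confirms the file holds the intended CA and nothing else.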