"Dave Huff" <[EMAIL PROTECTED]> wrote: > > For EAP-TLS to work, the client certs have to be > > signed by the server cert. > Signed by the server cert or by the CA cert? I have a CA that signed the > server and client certs, and the eap.conf file knows where server and CA > certs are.
If you're using 1.0.x, that won't work. It doesn't do certificate chains. The client cert MUST be signed by the server cert. Using a CA to sign them both won't work.

I'm not even sure it will work in 1.1.0, to be honest.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html