Jeffrey Sewell wrote:
> Thank you for your reply.
>
> We are (with the exception of some prototype tests) going to be
> completely EAP-TLS.
>
> Your answer brings me back to my original issue--the CA_path does not
> exist in the eap.conf file. If I add it, it doesn't seem to work (on
> 1.1.4).

Hm, here it does work. Have you run c_rehash in that directory? Are the files and the directory readable by the radiusd process? Did you choose to run radiusd under some other user than root?

> Just adding additional certs to the CA_file seems to work, but I'd
> prefer to have proper signed (c_rehash) sym-links.

??? This is not a signature, it's some very short fingerprint of the SubjectDN of the CA cert.

Have you set verify_depth = 0 for a start? You should set it probably to the lowest positive integer (except 0) that your CA hierarchy setup and your client certs are working with.

Have you set check_crl = no to test if the CA certificate setup is working? Later on you should set it to yes for obvious reasons and get up-to-date CRLs.

--
Beste Gruesse / Kind Regards

Reimer Karlsen-Masur
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), DFN-CERT Services GmbH
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737

14th DFN-CERT Workshop and Tutorials, CCH Hamburg, 7-8 February 2007
Info/registration at: https://www.dfn-cert.de/events/ws/2007/
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
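
The questions in the reply above (has c_rehash been run in the directory, can the radiusd process read it) can be checked mechanically. The following is an added shell example, not part of the original message or of FreeRADIUS; the function name `check_ca_path` is hypothetical, and it assumes the CA certificates are PEM files named `*.pem` or `*.crt` inside the CA_path directory.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as the account radiusd runs
# under, so the readability tests reflect what the server can open.

# check_ca_path DIR: print findings; return 0 only if every CA cert in DIR
# is readable and reachable through a <subject-hash>.N link.
check_ca_path() {
    dir=$1
    bad=0
    seen=0
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "FAIL: $dir is not a readable, searchable directory"
        return 1
    fi
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue            # glob matched nothing
        seen=1
        if [ ! -r "$cert" ]; then
            echo "FAIL: $cert is not readable"
            bad=1
            continue
        fi
        # Subject-name hash OpenSSL uses for lookups in a hashed directory.
        subj_hash=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || subj_hash=
        if [ -z "$subj_hash" ]; then
            echo "FAIL: $cert is not a parsable PEM certificate"
            bad=1
            continue
        fi
        linked=0
        for link in "$dir/$subj_hash".[0-9]*; do
            # A dangling link fails -e; cmp confirms it resolves to this cert.
            if [ -e "$link" ] && cmp -s "$link" "$cert"; then
                linked=1
                break
            fi
        done
        if [ "$linked" -eq 0 ]; then
            echo "FAIL: no $subj_hash.N link for $cert (c_rehash not run?)"
            bad=1
        elif [ ! -e "$dir/$subj_hash.r0" ]; then
            echo "WARN: no $subj_hash.r0 CRL link; needed once check_crl = yes"
        else
            echo "OK: $cert"
        fi
    done
    [ "$seen" -eq 1 ] || { echo "FAIL: no *.pem or *.crt files in $dir"; bad=1; }
    return "$bad"
}

if [ "$#" -gt 0 ]; then check_ca_path "$1"; exit $?; fi
```

Pass the CA_path directory as the only argument; a non-zero exit status means at least one certificate would not be found by a hashed-directory lookup.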