Hi Karlsen, 2007/6/20, Reimer Karlsen-Masur, DFN-CERT <[EMAIL PROTECTED]>:
Hi, in the file referenced by the option variable "certificate_file" in the tls section only put the server certificate (and optionally the private key) of your RADIUS server.
I think this might work (after some tests i did). But my immediate question is how the server is supposed to verify client certificate if we don't configure any CA certificate?. i.e. don't put ca certificates of the chain into that file.
I don't know how to prevent the client from sending CA path certificates.... Rafa Marin wrote: > Hi all, > > Is there any way to configure free radius + eap-tls module to avoid to > send CA certificate during EAP-TLS negotiation? As Free Radius is > sending it right now EAP-TLS packets get fragmented and I would like to > avoid it. -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
