Hi. Eshun Benjamin wrote:
Well in my current configuration I have the RADIUS server certificate in certificate_file and CA certificate in CA_file. But with that configuration, the radius server is still sending the CA certificate. The CA_path folder is empty and the CA_file is commented out. This should work for you.

    tls {
        #
        # These is used to simplify later configurations.
        #
        certdir = ${raddbdir}/certs
        cadir = ${raddbdir}/certs/trustedCA

        private_key_password = whatever
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem

        # Trusted Root CA list - CA_path folder is empty
        # CA_file = ${cadir}/ca.pem
        CA_path = ${raddbdir}/certs/trustedCA

If the configuration is as minimal as suggested (no chain certificates in certificate_file) and FreeRadius is still sending the complete server CA chain build, this must be some FreeRadius magic....

How do you check if FreeRadius is actually sending the chain?

--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur

DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
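
One way to answer the question above about checking what the server actually sends, as an added example (not part of the original message and not FreeRADIUS code): the TLS Certificate handshake message carries a certificate_list, so counting its entries and fingerprinting each one shows whether anything beyond the server certificate is on the wire. It assumes you already have the reassembled Certificate message bytes from a capture of the EAP-TLS exchange (TLS 1.2 or earlier layout); the function names and sample bytes are constructed for illustration.

```python
import hashlib

HANDSHAKE_CERTIFICATE = 11  # TLS handshake msg_type for Certificate (RFC 5246, 7.4.2)

def _u24(buf, off):
    """Read a 3-byte big-endian length at offset off."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")

def parse_certificate_message(msg):
    """Return the DER blobs in one reassembled TLS Certificate handshake message."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = _u24(msg, 1)
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    if _u24(body, 0) != body_len - 3:
        raise ValueError("certificate_list length mismatch")
    certs, off = [], 3
    while off < len(body):
        n = _u24(body, off)
        off += 3
        if off + n > len(body):
            raise ValueError("truncated certificate entry")
        certs.append(body[off:off + n])
        off += n
    return certs

def chain_report(msg):
    """(position, length, SHA-256) per certificate; position 0 is the server cert."""
    return [(i, len(c), hashlib.sha256(c).hexdigest())
            for i, c in enumerate(parse_certificate_message(msg))]

def build_message(ders):
    """Build a Certificate message from DER blobs (only for the constructed samples)."""
    entries = b"".join(len(d).to_bytes(3, "big") + d for d in ders)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body

# Constructed samples: placeholder bytes standing in for real DER certificates.
SERVER_ONLY = build_message([b"\x30\x03SRV"])
WITH_CA = build_message([b"\x30\x03SRV", b"\x30\x02CA"])

if __name__ == "__main__":
    for name, msg in (("server only", SERVER_ONLY), ("server + CA", WITH_CA)):
        print(name, chain_report(msg))
```

Comparing the reported fingerprints with the SHA-256 of the DER form of your CA certificate shows whether it appears at position 1 or later.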