Alan DeKok wrote:
Phil Mayers wrote:
Alan - it does look to my untrained eye as if the "client.crt" Makefile
target in /etc/raddb/certs is signing the client key with the server
key. Is this intentional, or a bug?

  It's intentional.  It's a perfectly valid use of certificate chains.

  The idea is that you have one CA for your organization, and (perhaps)
multiple RADIUS servers.  Each server has its own identity, and can
issue its own client certs for EAP-TLS.  But client certs will work
across multiple servers, because the servers are signed by the same CA.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

But the debug I posted shows that radius doesn't recognize the issuer of the client cert using the default certs. If the default certs work and I don't need to install server.pem and ca.pem into the ssl/certs dir, what am I forgetting, Alan?
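The chain discussed in this thread (the CA signs the server certificate, the server key signs client.crt), rebuilt as an added lab example; it is not code from the thread or from the FreeRADIUS Makefile. File names and subjects are made up, and marking the server certificate CA:TRUE is an assumption of the example. It shows that a verifier trusting only the root rejects the client certificate until the server certificate is offered as an intermediate.

```shell
#!/bin/sh
# Added example: constructed lab chain CA -> server -> client.
# All file names and subject names are made up; keys live in a temp dir.

make_chain() {
    d=$1
    # Assumption: the server cert is marked CA:TRUE so it can act as an issuer.
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    # Self-signed root CA.
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Example Root CA' \
        -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null || return 1
    # Server certificate, signed by the root CA.
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=radius.example.test' \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/server.pem" 2>/dev/null || return 1
    # Client certificate, signed by the server key (the layout discussed above).
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=user@example.test' \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/server.pem" -CAkey "$d/server.key" \
        -CAcreateserial -days 30 -out "$d/client.crt" 2>/dev/null || return 1
}

# Succeeds only if client.crt chains up to the trusted root in ca.pem.
# $2 optionally names a file of intermediate certs offered to the verifier.
chain_ok() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$1/ca.pem" -untrusted "$2" "$1/client.crt"
    else
        openssl verify -CAfile "$1/ca.pem" "$1/client.crt"
    fi 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_chain "$d" >/dev/null || { rm -rf "$d"; return 1; }
    if chain_ok "$d"; then a=OK; else a=FAIL; fi                 # root only
    if chain_ok "$d" "$d/server.pem"; then b=OK; else b=FAIL; fi # root + server cert
    rm -rf "$d"
    echo "root-only=$a with-server-cert=$b"
}

demo   # prints: root-only=FAIL with-server-cert=OK
```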