Hi, > Question is: When Freeradius receive user certificate how daemon find > correct CRL list in certs directory?
The CRL needs to be in the same directory as the CAs, and needs to be hashed with c_rehash just like the CA certs. CRLs automatically get the hash suffix ".r0" instead of ".0". You will still need to restart FreeRADIUS after downloading a new CRL; re-reading them at runtime is not possible due to glorious openSSL. Stefan > > Thank you > > — > Martin Čmelík > > > > 2011/11/14 Alan DeKok <al...@deployingradius.com>: >> Martin Čmelík wrote: >>> nobody knows how setup freeradius to check new CRL lists? >> FreeRADIUS uses OpenSSL for CRLs (and everything SSL). OpenSSL does >> not support dynamically adding CRLs at run time. >> >> See the "ocsp" support in 2.1.12. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html