-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sergio wrote: | Hi people, Hello Sergio,
| client.pem are signed by | server.pem, and server.pem are signed by ca.pem. It is a bad bad idea to sign a client certificate with a server certificate. Usually server certificates don't have the extensions to sign certificates but have extensions explicitly signaling that they are not to be used to sign certificates. Try to sign the client certs with the ca certificate. Then check the freeradius configuration that the CA used to verify client certificates is the CA certificate. If you insist on an intermediate certificate between the CA and the client certificates you must either configure the server to also use the intermediate CA as a CA or you must configure the clients to send the intermediate back to the server. Goetz - -- DMCA: The greed of the few outweighs the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFImiXp2iGqZUF3qPYRAtZWAJ94AfIAI3FVrIpgBCmloWl7ea4RFgCfRgV+ DwRAYGxBD//EitviXnMdAhA= =NyUw -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]