On Wed, 16 Mar 2005 00:27:03 -0600, Jon Franklin <[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005 00:09:09 -0600, David Duchscher <[EMAIL PROTECTED]> wrote:
> > I am a little behind you at the moment so really hoping this helps you.
> >
> > Have you set CA_path i
crl = yes. And that caused all client certificate
validation to die horribly.
I'll definitely check it out tomorrow, though, and post here with the results.
--
Jon Franklin
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, 15 Mar 2005 18:59:02 -0500, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Jon Franklin <[EMAIL PROTECTED]> wrote:
> > On a follow-up to this, I found that the certificate I was using
> > (Thawte Freemail Member) was being validated against a set of root
> >
On Tue, 15 Mar 2005 13:40:18 -0600, Jon Franklin <[EMAIL PROTECTED]> wrote:
> On Tue, 15 Mar 2005 14:00:08 +0100, Michael Riviera
> <[EMAIL PROTECTED]> wrote:
> > Jon Franklin wrote:
> >
On a follow-up to this, I found that the certificate I was using
(Thawte Freema
de
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [KEN/] (from client
192.168.123.2 port 29 cli 000625039e69)
Not sure if this helps, though...
--
Jon Franklin
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ECTED]> wrote:
> Use this in eap.conf:
>
> CA_file = /path/to/certs/ca-cert.pem
>
> ca-cert.pem should contain the certificate, but not private key, of your CA.
>
> Michael
>
> Jon Franklin wrote:
>
> >I've managed to get freeradius 1.0.1 working with E
out how to lock it down.
Is there a way to configure freeradius to only accept client certs
issued by a specific CA? Either that or only allow a specific set of
certs (say, copies of the certs in a directory, for example), either
way would be fine for my purposes.
--
Jon Franklin
[EMAIL PROTECTED
7 matches
Mail list logo