Are you planing improve CRL support in version 2.0 in some near future?
What do you mean by better support? Are you asking for a way to
update CRLs without a bounce of freeradius?
--
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Remember when you put your Root CA file (and perhaps the CRL for that
CA) into your certificate directory, and ran 'c_rehash cert
directory'?
Well - it's just like that. You might have had RootCA.pem with the
Verisign CA certificate. Personally - I like to have a separate file
for each
How do you get the certificates on the device in the first place?
Well - that's the problem. I would like for there be a USB cable
method of putting the key material on the device. Then we could
build some nifty client script to automate the provisioning. But
these devices in particular
I am running FreeRadius at my company on a WLAN - using SSL key
material issued by our internal certificate authority. All is well.
However a pretty big limitation of this security architecture is of
course getting the SSL key material onto the devices. In our case -
the devices are SIP phones
Exciting stuff!
On Fri, Jun 20, 2008 at 2:48 PM, Alan DeKok [EMAIL PROTECTED]
wrote:
I've commited some code (~1K LoC) to CVS head that will go into 2.0.6.
In short, there's no point in using SNMP any more. The good news is
that the Status-Server packet is overloaded to get all sorts of
See why I say I don't know a whole lot about how all this works?? :) So
it sounds like I don't even need LDAP, but it's helpful for at least
I know it is possible to use EAP-TLS, and then use some attribute from the
certificate and query LDAP about it. If that's the case in your
configuration,
In our company, we do have certificates signed by multiple Certificate
Authorities...but there is a hierarchy. So, some users come in from Domain
A (root CA) some come in from Domain B (intermediate CA). So then it's
easyjust maintain the CA_path containing the root and any necessary
I'm happy to be wrong about this, but in my experience, this parameter:
-CApath ca.pem
Needs to be an actual path, not a PEM CA file, where you have performed
these steps:
download certificate authority cert in PEM format
run c_rehash . (openssl script)
On Thu, May 15, 2008 at 10:37 AM,
8 matches
Mail list logo