Re: Reloading CRL for EAP-TLS

2009-03-13 Thread Matt Causey
Are you planning to improve CRL support in version 2.0 in some near future? What do you mean by better support? Are you asking for a way to update CRLs without a bounce of freeradius? -- Matt

Re: FreeRADIUS EAP-TLS and SSL certificate chains

2009-02-15 Thread Matt Causey
Remember when you put your Root CA file (and perhaps the CRL for that CA) into your certificate directory, and ran 'c_rehash cert directory'? Well - it's just like that. You might have had RootCA.pem with the Verisign CA certificate. Personally - I like to have a separate file for each

Re: Certificate Provisioning for EAP-TLS Networks

2009-01-31 Thread Matt Causey
How do you get the certificates on the device in the first place? Well - that's the problem. I would like for there to be a USB cable method of putting the key material on the device. Then we could build some nifty client script to automate the provisioning. But these devices in particular

Certificate Provisioning for EAP-TLS Networks

2009-01-29 Thread Matt Causey
I am running FreeRadius at my company on a WLAN - using SSL key material issued by our internal certificate authority. All is well. However a pretty big limitation of this security architecture is of course getting the SSL key material onto the devices. In our case - the devices are SIP phones

Re: Goodbye SNMP, hello statistics.

2008-06-23 Thread Matt Causey
Exciting stuff! On Fri, Jun 20, 2008 at 2:48 PM, Alan DeKok [EMAIL PROTECTED] wrote: I've committed some code (~1K LoC) to CVS head that will go into 2.0.6. In short, there's no point in using SNMP any more. The good news is that the Status-Server packet is overloaded to get all sorts of

Re: FreeRadius/eDirectory/802.1X authentication issue

2008-06-12 Thread Matt Causey
See why I say I don't know a whole lot about how all this works?? :) So it sounds like I don't even need LDAP, but it's helpful for at least I know it is possible to use EAP-TLS, and then use some attribute from the certificate and query LDAP about it. If that's the case in your configuration,

Re: EAP-TLS with different CA per user?

2008-06-07 Thread Matt Causey
In our company, we do have certificates signed by multiple Certificate Authorities...but there is a hierarchy. So, some users come in from Domain A (root CA) some come in from Domain B (intermediate CA). So then it's easy...just maintain the CA_path containing the root and any necessary

Re: EAP TLS Authentication failing!!!! Unknown CA

2008-06-07 Thread Matt Causey
I'm happy to be wrong about this, but in my experience, this parameter: -CApath ca.pem needs to be an actual path, not a PEM CA file, where you have performed these steps: download certificate authority cert in PEM format; run c_rehash . (openssl script). On Thu, May 15, 2008 at 10:37 AM,