In the eap.conf, tls section, the comments say to use the 'CA_path'
variable in the radiusd.conf file to indicate where the trusted CA
chain will reside. However, this variable isn't in the tls section of
the radiusd.conf (it is in the LDAP section, but I'm pretty sure that
won't help me) file or the eap.conf file (where I thought it might
have moved). As an experiment, I added it to eap.conf and it loaded ok
with the following output:

tls: CA_path = "/usr/local/etc/raddb/certs/rootCA"
...
tls: CA_file = "(null)"

Unfortunately the CA_file is the important one as I discovered when I
tested the link:

Fri Jan 19 09:51:05 2007 : Error: TLS Alert write:fatal:unknown CA

So where is the appropriate place for the root chain?

--Jeffrey
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
