Re: EAP-TLS CRL checking when multiple CAs used

2011-11-15 Thread Martin Čmelík
Hi all,

the problem was on my side. I forgot to add another CRL to the certs directory.

Thank you for all your help!

Best regards,
— Martin Čmelík

2011/11/14 Martin Čmelík :
> Hi Alan,
>
> I did, there is nothing about it.
>
> Only this:
>
> #  Check the Certificate Revocation List
> #
> #

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Martin Čmelík
Hi Alan,

I did, there is nothing about it.

Only this:

    # Check the Certificate Revocation List
    #
    # 1) Copy CA certificates and CRLs to same directory.
    # 2) Execute 'c_rehash '.
    #'c_rehash' is OpenSSL's command.
    # 3) uncomment the line below.
    # 5) Restart radiusd
    # check_crl = yes

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Stefan Winter
Hi,

> Question is: When FreeRADIUS receives a user certificate, how does the daemon find
> the correct CRL list in the certs directory?

The CRL needs to be in the same directory as the CAs, and needs to be hashed with c_rehash just like the CA certs. CRLs automatically get the hash suffix ".r0" instead of ".0". You
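An added example (not part of the thread and not FreeRADIUS code): a POSIX shell check of the lookup described above, listing every CA hash in an already rehashed certs directory that has a `<hash>.N` certificate link but no `<hash>.rN` CRL beside it. The function name `missing_crls` is made up here, and it inspects file names only, so c_rehash must have been run first.

```shell
#!/bin/sh
# Audit a directory hashed by OpenSSL's c_rehash: print each issuer hash that
# has a certificate link (<hash>.0, <hash>.1, ...) but no CRL link (<hash>.r0, ...).
# Hypothetical helper for illustration; it reads file names, not file contents.
# Usage: sh this_script <certs directory>

missing_crls() {
    dir=$1
    for cert in "$dir"/*.[0-9]*; do
        [ -e "$cert" ] || continue            # glob matched nothing
        name=${cert##*/}
        hash=${name%.*}
        suffix=${name##*.}
        # c_rehash link names are 8 lowercase hex digits plus a numeric suffix
        case $suffix in *[!0-9]*) continue ;; esac
        case $hash in *[!0-9a-f]*) continue ;; esac
        [ "${#hash}" -eq 8 ] || continue
        found=no
        for crl in "$dir/$hash".r[0-9]*; do
            if [ -e "$crl" ]; then
                found=yes
                break
            fi
        done
        if [ "$found" = no ]; then
            echo "$hash"
        fi
    done | sort -u
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    missing_crls "$1"
fi
```

Each hash printed can be matched to its CA with `openssl x509 -noout -hash -subject -in <file>`, and a CRL's hash read with `openssl crl -noout -hash -in <file>`.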

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Alan DeKok
Martin Čmelík wrote:
> Question is: When FreeRADIUS receives a user certificate, how does the daemon find
> the correct CRL list in the certs directory?

Read raddb/eap.conf. This is documented.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Martin Čmelík
Hi,

maybe I explained it wrong. We now have 4 CAs and 4 CRL lists, and checking against them is working fine. I must add two new CAs (into ca.pam like the others), but FreeRADIUS can't compare the user certificate against the correct CRL list (crl5.pam, crl6.pam).

Question is: When FreeRADIUS receives a user cer

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Alan DeKok
Martin Čmelík wrote:
> Does nobody know how to set up FreeRADIUS to check new CRL lists?

FreeRADIUS uses OpenSSL for CRLs (and everything SSL). OpenSSL does not support dynamically adding CRLs at run time. See the "ocsp" support in 2.1.12.

Alan DeKok.

Re: EAP-TLS CRL checking when multiple CAs used

2011-11-14 Thread Martin Čmelík
Hi,

does nobody know how to set up FreeRADIUS to check new CRL lists? Should I provide more information (it is not easy to take output from radiusd -X, but if it is essential I can try it)?

Thank you for any suggestion
— Martin Čmelík

2011/11/10 Martin Čmelík :
> Hi,
>
> I downloaded the current stable

EAP-TLS CRL checking when multiple CAs used

2011-11-10 Thread Martin Čmelík
Hi,

I downloaded the current stable FreeRADIUS version 2.1.12 and imported the configuration from the old server (rewrite etc/raddb). Everything seems to be OK, but I must now add another two trusted CAs into ca.pem and also enable checking against CRL files as for the others.

Let's say that eap.conf is set up by def