1. Create a folder somewhere (doesn't matter where, as long as the radiusd process can read it).
    # mkdir /my_ca

2. Copy your CA certs and your CRLs to .pem files into this directory.
    # cp johns-cacert.pem /my_ca
    # cp johns-crl.pem /my_ca
    # cp jims-cacert.pem /my_ca
    # cp jims-crl.pem /my_ca
    ...
    ...

3. Run c_rehash (/usr/local/bin/c_rehash? /usr/local/ssl/bin/c_rehash? wherever OpenSSL put it).
    # c_rehash /my_ca
    Doing .
    jims-cacert.pem => 1987cbba.0
    johns-crl.pem => 033b73a6.r0
    johns-cacert.pem => 033b73a6.0
    jims-crl.pem => 1987cbba.r0
    ...
    ...
    #

4. Edit eap.conf, commenting out CA_file, and specifying CA_path.
    tls  {
        ...
        ...
        #CA_file = ${raddbdir}/ca/cacert.pem
        CA_path = /my_ca
        check_crl = yes
        ...
        ...
    }

You can add and remove CA certs and CRL files as you choose to trust or untrust them, on the fly. Just rerun "c_rehash /my_ca" every time you do.

Dean.

Jacques VUVANT wrote:
Hi all
 
I've installed and use freeradius 1.0.1 for EAP/TLS authentication. It works well without CRL. But each time I want to activate check_crl = yes in the eap.conf file, authentication fails with the following message:
 
*** unable to get certificate CRL***
 
Can someone help me with the following questions:
What does a CRL file look like?
Where (directory) does it have to be?
Are there some modifications to make to the .conf file?
 
Thanks for any answer
 
Jacques VUVANT
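
An added example, not part of the original messages: a small check for the "unable to get certificate CRL" failure discussed in this thread. It assumes the directory was built with c_rehash as in the steps above; the function name `audit_ca_path` is hypothetical, and it inspects hash link names only, not CRL contents or expiry.

```shell
#!/bin/sh
# Added example: audit a c_rehash'd CA_path directory by file name only.
# Prints one line per problem; returns 0 if none are found, 1 otherwise.
audit_ca_path() {
    dir=$1
    problems=0
    for link in "$dir"/*; do
        name=${link##*/}
        # Dangling hash link: a .pem was removed but c_rehash was not rerun.
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "DANGLING $name"
            problems=$((problems + 1))
            continue
        fi
        # Only look at certificate hash links: 8 hex digits, dot, index.
        case $name in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
            *) continue ;;
        esac
        hash=${name%%.*}
        # With check_crl = yes, OpenSSL looks up the issuer's CRL in CA_path
        # as <hash>.r0, <hash>.r1, ... next to the CA cert's <hash>.0.
        found=no
        for crl in "$dir/$hash".r[0-9]*; do
            [ -e "$crl" ] && found=yes
        done
        if [ "$found" = no ]; then
            echo "NO_CRL $name"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory when one is given, e.g.: sh audit.sh /my_ca
if [ "$#" -gt 0 ]; then
    audit_ca_path "$1"
fi
```

A `NO_CRL` line names a CA certificate link with no matching CRL link, which is the condition that makes authentication fail once check_crl is enabled.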
