Jon Franklin wrote:
I tried using my own hand-generated SSL certs, as well as a set
generated by the certs.sh script, and get the same type of problem. Question: if the CA_file certificate contains a private key, would
this cause my problem? I don't think it has one, but can't say with
certainty until I get in to work tomorrow and check it out.
It does not _need_ the private key, I have not tried it with one.
One clue I've been seeing is if I check_crl = yes, no certificate getsThe check_crl is for certificate revocation and unless you have things explicitly setup for that it should be set to "no".
validated at all; set it to "no" and any client cert will allow the
client into my network.
Thanks!
Could you please post the debug log?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
