Hi,in the file referenced by the option variable "certificate_file" in the tls section only put the server certificate (and optionally the private key) of your RADIUS server.
i.e. don't put ca certificates of the chain into that file. I don't know how to prevent the client from sending CA path certificates.... Rafa Marin wrote:
Hi all,Is there any way to configure free radius + eap-tls module to avoid to send CA certificate during EAP-TLS negotiation? As Free Radius is sending it right now EAP-TLS packets get fragmented and I would like to avoid it.
-- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
