>So there is no way at all to get the client to pick up the cert chain >without directly installing the intermediate cert on it?
No. >Is this >actually a client issue of it refusing to use chains for this then, >rather than a FreeRADIUS issue of it not passing the chain? Yes. >Thanks very much for all your help. This only came up because Verisign >have stopped issuing directly root-signed certs, as have the other major >cert authorities, it would seem. Our previous cert was directly root >signed, and thus worked fine. I (possibly foolishly) assumed that if all >the major CAs were shifting to chained certs for everything that the >majority of clients using ssl supported them as well. Have a look at RapidSSL/Geo Trust. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
