Kris Armstrong wrote: > I am trying to configure free radius with multiple ROOT CA's. This is > not a products environment it is purely a test environment. We need the > ability to test out products against freeradius and other radius > servers. using multiple different certificate sizes and ROOT CA's.
That should work, but it all depends on OpenSSL. > I currently have the following in my EAP.conf file. Based on the way I > read the eap.conf file this would be the correct way of doing it. Here > is what happens. I can authenticate against the first ROOT CA Uh... your configuration is wrong. > no matter > which one it is as long as its the first in the list. its like all other > CA's are ignored. They are ignored. The documentation does *not* say you can have multiple "CA_file" entries. Instead, put all of the CAs into one file. Or, put the certs into their own files, delete the CA_file entry, and configure CA_path. > I had read on another forum that in order to support multiple ROOT CAs > you just put them all in the same file. I tried this as well with just > the certs as well as with the certs and the private keys neither seemed > to work. I don't understand what that means. You put *what* into one file? Just the certs? Or the certs and private keys? If so, why? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
