On 10/25/2011 11:07 AM, Kris Armstrong wrote:
> I am trying to configure FreeRADIUS with multiple root CAs. This is
> not a production environment; it is purely a test environment. We need the
> ability to test out products against FreeRADIUS and other RADIUS
> servers, using multiple different certificate sizes and root CAs.
>
> I currently have the following in my eap.conf file. Based on the way I
> read the eap.conf file, this would be the correct way of doing it. Here
> is what happens. I can authenticate against the first root CA no matter
> which one it is, as long as it's the first in the list. It's like all other
> CAs are ignored. In the below, as you can see, I have commented out the
> first few root CAs and the 1024ca.pem is the current first in the list.
> I am able to authenticate against this one but none past. If I comment
> out 1024 then I can authenticate against the next. Any help would be
> greatly appreciated.
>
> I had read on another forum that in order to support multiple root CAs
> you just put them all in the same file. I tried this as well, with just
> the certs as well as with the certs and the private keys; neither seemed
> to work. I believe that was on a Radius 1.x server though so maybe

I've reread this email several times and don't understand it; from an
SSL/TLS perspective it doesn't make a lot of sense. Perhaps if you
explained what you're trying to accomplish (in detail) or what you're
expecting to happen it would help. I also think it might benefit you if
you brushed up on the role of a server cert, a server private key, and CA
validation. Then go back and read the comments in eap.conf; I think
you'll find your answer without having to come back to the list for help.
--
John Dennis