Hi,
> My question is, what is the value of adding the roots/intermediates to the
> certificate file i.e certificate_file = ${certdir}/certificate.crt? Does
> it really allow a client without the Root already installed to verify this
> certificate?
for a client to validate a cert, it needs to already know and trust the CA
for that cert - otherwise one half of the trust relationship is gone.
IF you need to use an intermediate as well as the server cert, then by sending
it
down the link to the client, you can ensure the client will be happy with
the server cert (so long as they trust the CA) if they havent already got
the intermediate.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
