Hi Mathieu, thanks for your reply. It´s not clear to me what exactly has to be done.
So, I´ll place both server certificates inside the certificate_file, correct? Do I declare it only under the 'tls' section (not on the peap)? How does FR knows which certificate for each method? How do I declare both private keys? Sorry for my stupid questions. Thanks, Fernando. Em 10/07/2013 10:44, Mathieu Simon escreveu: > Hi > > As a possible hint since your question sounds similar to an issue I had: > > I was looking to provide a server-side certificate to my clients from > a public CA > but only allow clients to authenticate via EAP-TLS when presenting a > cert from our > internal CA which avoids the misconfiguration to trust any certificate > issued by the public CA. > > Check the difference of CA_file (containing root CA cert of your > internal CA), but set server cert > (including cert chain) inside certificate_file. > > (http://lists.freeradius.org/pipermail/freeradius-users/2013-April/065990.html) > > Regards, > Mathieu > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html