You can specify multiple EAPTLS_CAFile statements per authby?!?!! I don't know why I didn't think of that. I did end up installing Cisco SecureACS v5.1 eval copy and followed Cisco's instructions to get TLS auth working with it. It worked like a charm with ACS and I was able to see the debugs on how it was sending certs back and forth.
I guess I didn't understand initially how the "server" cert worked, but I see now that you can use a self-signed server cert for it to work. You just need the following 2 certs in a SINGLE CA file for Radiator:

Cisco Root CA: http://www.cisco.com/security/pki/certs/crca2048.cer
Manufacturing Root CA: http://www.cisco.com/security/pki/certs/cmca.cer

Merge both of those together into a single CA, use your own self-signed server cert and you're good to go with your AuthBy.

Thank you for pointing me in the right direction to get this working properly! Now I just need to write a Perl hook to verify the phone is part of our CUCM CallManager Cluster.

--greg

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
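The merge step described in the message above, as an added example that is not part of the original post or of Radiator: it accepts each downloaded `.cer` in either DER or PEM form and returns one PEM bundle, assuming the file `EAPTLS_CAFile` points at is expected in PEM form. The function names are hypothetical and the sample bytes are constructed placeholders, not Cisco's certificates.

```python
import base64
import hashlib

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed placeholder bytes standing in for two DER files (not real certs).
SAMPLE_ROOT_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_MFG_DER = b"\x30\x82\x00\x40" + bytes(range(64, 128))


def der_to_pem(der):
    """Wrap one DER certificate in PEM armour, base64 folded at 64 columns."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def to_der_list(blob):
    """Return every certificate in blob as DER, whether blob is DER or PEM."""
    text = blob.decode("latin-1")
    if PEM_HEADER not in text:
        # A binary .cer is DER, which always opens with an ASN.1 SEQUENCE (0x30).
        if not blob.startswith(b"\x30"):
            raise ValueError("input is neither PEM nor DER")
        return [blob]
    ders = []
    for chunk in text.split(PEM_HEADER)[1:]:
        body, found, _ = chunk.partition(PEM_FOOTER)
        if not found:
            raise ValueError("truncated PEM block")
        ders.append(base64.b64decode("".join(body.split())))
    return ders


def build_ca_bundle(blobs):
    """Merge all inputs into one PEM string, dropping duplicate certificates."""
    seen, out = set(), []
    for blob in blobs:
        for der in to_der_list(blob):
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint not in seen:
                seen.add(fingerprint)
                out.append(der_to_pem(der))
    return "".join(out)


if __name__ == "__main__":
    print(build_ca_bundle([SAMPLE_ROOT_DER, SAMPLE_MFG_DER]))
```

Before pointing the RADIUS server at the result, check that the bundle contains exactly the CAs you intend to trust, since every certificate in it becomes a trust anchor for client authentication.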
