[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: [SOLVED] 802.1x auth EAP-TLS problem
From:       Marco Londero <ml () alternativi ! org>
Date:       2011-06-29 13:47:30
Message-ID: 4248df939c2c1a228d68e96d4d5d1816 () mick ! backplane
[Download RAW message or body]

On Wed, 29 Jun 2011 15:03:33 +0200, Alan DeKok <aland@deployingradius.com>
wrote:

>> I thought it was some advanced chained root thing, but I never got it
to
>> work even once, so I wrote my own, but it sucks.  I think it may be a
bug,
>> and you just reminded me of that.  someone who knows what they're
actually
>> on about should investigate that and see if it needs fixin' or filin'.
> It's a bug. The simplest thing to do is to make the client cert signed
by
> the CA cert. This might have been done already, but I don't recall.
> 
> Patches are welcome.
I just checked 2.1.11 and that's fine. In raddb/certs/Makefile:

-------
client.crt: client.csr ca.pem ca.key
        openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr 
-key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile
xpextensions -config ./client.cnf
-------


-- 
mandi, Marco
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]