Cats and Code » radius http://blog.gorwits.me.uk by Oliver Gorwits Sat, 29 Mar 2014 23:28:44 +0000 en-US hourly 1 http://wordpress.org/?v=3.6.1 FreeRADIUS EAP and CRLs http://blog.gorwits.me.uk/2011/02/28/freeradius-eap-and-crls/?utm_source=rss&utm_medium=rss&utm_campaign=freeradius-eap-and-crls http://blog.gorwits.me.uk/2011/02/28/freeradius-eap-and-crls/#comments Mon, 28 Feb 2011 10:31:16 +0000 Oliver Gorwits http://blog.gorwits.me.uk/?p=410 Continue reading ]]> Just a quick note about a gotcha, which will hopefully help someone searching for the answer…

In FreeRADIUS 2, if you want to use a Certificate Revocation List (CRL) along with the EAP module, then following the instructions in the eap configuration file will get you nowhere.

Instead of setting up a directory and hashing it using the openssl tools, just append the CRL in PEM format to the end of your trusted root CA file. Then, when the openssl libs load the CA they will also load the CRL. You should still have check_crl set to yes, though.

Thanks to Mike Griego at University of Texas at Dallas for posting this workaround on the FreeRADIUS users mail list.

]]>
http://blog.gorwits.me.uk/2011/02/28/freeradius-eap-and-crls/feed/ 0