[RADIATOR] OCSP validation
Stefan Paetow (OpenSource)
oss at eons.net
Tue Aug 15 20:32:36 UTC 2023
Hi there,
So, I've tried to use OCSP validation with the certificates issued by
eduPKI (so this covers the majority of eduroam national operators and some
identity providers). Radiator didn't like it and kicked up failures.
I then tried manually verifying and that succeeds, using this command-line:
openssl ocsp -issuer /etc/radiator/cert/roaming-eduPKI-CA.crt -cert
/etc/radiator/cert/hostname-eduPKI.pem -CAfile
/etc/radiator/cert/roaming-eduPKI-CA.crt -url
http://ocsp.edupki.org/OCSP-Server/OCSP
The URL is obviously retrieved from the certificate, but it appears there's
something missing when Radiator tries to do an OCSP verify.
Thoughts?
With kind regards
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20230815/e03f7e77/attachment.html>
More information about the radiator
mailing list