Just a quick note about a gotcha, which will hopefully help someone searching for the answer…
In FreeRADIUS 2, if you want to use a Certificate Revocation List (CRL) along with the EAP module, then following the instructions in the
eap configuration file will get you nowhere.
Instead of setting up a directory and hashing it using the
openssl tools, just append the CRL in PEM format to the end of your trusted root CA file. Then, when the
openssl libs load the CA they will also load the CRL. You should still have
check_crl set to
Thanks to ï»¿ï»¿Mike Griego at University of Texas at Dallas for posting this workaround on the FreeRADIUS users mail list.