3.10.4. EAPTLS_CAFile Previous topic Parent topic Child topic Next topic

For TLS based EAP types such as TLS, TTLS and PEAP, this parameter specifies the name of a file containing Certificate Authority (CA) root certificates that may be required to validate TLS client certificates. The certificates must be in PEM format. The file can contain several root certificates for one or more CA's. Radiator looks for root certificates first in EAPTLS_CAFile, then in EAPTLS_CAPath, so there usually is no need to set both.
EAPTLS_CAFile is expected to contain a stack of CA one or more CA certificates that will be used to validate client certificates. The list of CA issuers in that is also sent to the client during handshaking to tell the client which certificates Radiator accepts.
Special characters are supported.