freeRadius and CRL (certification revocation list) not working - bug with spaces and underscores
After setting up freeRadius with EAP-TLS (all certificate-based users), I also wanted to test whether revocation of a certificate would work and the wifi connection would be dropped for that specific end-user device.
Somehow nothing happened after I put the certificate on the CRL. Even after restarting freeRadius and also disabling and re-enabling the wifi connection on the end-user device, this device could still connect to the wifi access point and browse the internet. There goes my whole goal of more granular wifi security per device.
On the forum I see multiple issues with freeRadius and CRLs, some very old bugs, but also newer ones, such as "All freeradius eap-tls authentications fail when an SSL revocation list is enabled":

"On the old system I could enable the CRL without having any logon issues. Although, in that case even people with revoked certs were still allowed on the network, even after I restarted freeradius as the instructions say, so now I'm having the opposite issue, where nobody can logon as long as any CRL exists."

And also "FreeRADIUS 2 with EAP-TLS":

"I found the issue. I had a space in my CRL name that was causing the issue. I re-created the CRL without a space and now I can successfully revoke client certs and they no longer have access. Probably should be sent on to pfsense development to throw an error when some silly user tries to create a CRL with a space in the name. ;D ;D ;D"

My CRL was named something like: freeradius_certication_revocation_list

Although there are no spaces in the name, only underscores, I tried changing the underscores to hyphens and renamed it to: freeradius-certication-revocation-list.

Now (after restarting the freeRadius service) the certificate list, without underscores, was working and the end-user device could no longer connect to the wifi access point.
Could anybody confirm this issue/bug?
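
When a revoked certificate still authenticates, it helps to check the CRL outside of FreeRADIUS first, so that a CRL that never received the entry can be told apart from a server that is not using the CRL. The following is an added example, not part of the original post: it builds a throwaway CA with the `openssl` command line (all file names and subjects are constructed for the lab) and provides two checks, one that the CRL lists the certificate's serial number and one that OpenSSL rejects the certificate when CRL checking is on.

```shell
#!/bin/sh
# Constructed lab: throwaway CA and one client certificate in directory $1.
make_lab() {
  d=$1
  mkdir -p "$d/newcerts"; : > "$d/index.txt"; echo 01 > "$d/serial"; echo 01 > "$d/crlnumber"
  cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = lab
[ lab ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
crlnumber = $d/crlnumber
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=Lab CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" -days 30 2>/dev/null &&
  openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=laptop" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl ca -batch -config "$d/ca.cnf" -in "$d/client.csr" -out "$d/client.pem" 2>/dev/null
}
# (Re)generate the CRL from the CA database.
publish_crl() { openssl ca -config "$1/ca.cnf" -gencrl -out "$1/crl.pem" 2>/dev/null; }
# Mark the client certificate revoked, then publish a fresh CRL.
revoke_client() { openssl ca -config "$1/ca.cnf" -revoke "$1/client.pem" 2>/dev/null && publish_crl "$1"; }
# True when the CRL ($1) contains the serial number of the certificate ($2).
crl_lists_serial() {
  s=$(openssl x509 -in "$2" -noout -serial | cut -d= -f2)
  openssl crl -in "$1" -noout -text | grep -q "Serial Number: $s\$"
}
# True only when OpenSSL rejects the certificate ($3) as revoked, given CA ($1) and CRL ($2).
crl_rejects() {
  openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" 2>&1 | grep -q "certificate revoked"
}
```

The two check functions also work on a CA certificate, CRL and client certificate exported from a real setup. If both succeed there while the client still connects, the CRL content is fine and the problem is on the server side.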