3.10.5. EAPTLS_CAPath Previous topic Parent topic Child topic Next topic

For TLS based EAP types such as TLS, TTLS and PEAP, this parameter specifies the name of a directory containing CA root certificates that may be required to validate TLS client certificates. Radiator looks for root certificates first in EAPTLS_CAFile, then in EAPTLS_CAPath, so there usually is no need to set both. When Certificate Revocation List (CRL) checks are enabled, this directory is also used by TLS library to look for CRL files. Special characters are supported.
The certificates and CRLs must be in PEM format, one per file. The file name has a special format. Setting up this directory is described in Section 3.11.3. TLS_CAPath.