FreeRadius EAP-TLS questions

Kris Benson kbenson at
Tue Aug 9 20:18:10 CEST 2005

FreeRadius users mailing list <freeradius-users at> on
August 9, 2005 at 10:54 -0800 wrote:
>Two part question:
>1. Is it critical to have certificates, dh and random files in 
>etc/raddb/certs directory for eap-tls to work?
>2. Is it ok to generate random file as date > random?

1. Yes, sort of.  You can put it in a different directory if you change
the eap.conf entries.

2. No. This is the correct way:

To generate the dh file you can use a function that comes with openssl

openssl dhparam -check -text -5 -out dh 512

This will generate a 512 Diffie-Hellman key named dh.
Move this file to /etc/mycerts/

mv dh /etc/mycerts/.

To generate a random file you will need a short C program using openssl
libraries.  Paste this text into a file named 'random.c':
----8< cut---
#include <stdio.h>
#include <openssl/rand.h>

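int main(void) {
    unsigned char buf[100];
    size_t i;
    /* RAND_bytes() returns 1 on success */
    if (RAND_bytes(buf, sizeof(buf)) != 1)
        return 1; // placeholder in the original: the usual md5(time+pid)
    /* buf is not NUL-terminated: print it as hex, not with %s */
    printf("Random : ");
    for (i = 0; i < sizeof(buf); i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}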
----8< cut---

Compile it like this: gcc random.c -o random -lcrypto

It will generate a 32-bit LSB executable named random; try it with ./random.

Move this file to /etc/mycerts/:
mv random /etc/mycerts/.

Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
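
Added example, not part of the original post: a C sketch that fills a seed file from the kernel CSPRNG with owner-only permissions and shows a simple check that flags `date`-style text as unsuitable. It reads /dev/urandom rather than calling OpenSSL's RAND_bytes; the function names, the file name random.example and the sample date string are assumptions made for illustration.

```c
/* Added example, not from the original post. Names and paths are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed sample of what `date > random` would put in the file. */
static const unsigned char DATE_SAMPLE[] = "Tue Aug  9 20:18:10 CEST 2005\n";

/* Read exactly n bytes from fd, retrying on EINTR and short reads. */
static int read_full(int fd, unsigned char *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Write n (1..1024) bytes from the kernel CSPRNG to a new file that only
 * its owner can read. O_EXCL refuses to reuse anything already at path. */
int write_random_file(const char *path, size_t n) {
    unsigned char buf[1024];
    int in, out, rc;
    if (n == 0 || n > sizeof(buf)) return -1;
    if ((in = open("/dev/urandom", O_RDONLY)) < 0) return -1;
    rc = read_full(in, buf, n);
    close(in);
    if (rc != 0) return -1;
    if ((out = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
    if (write(out, buf, n) != (ssize_t)n) { close(out); unlink(path); return -1; }
    return close(out);
}

/* Heuristic: a seed of useful length that is entirely printable ASCII or
 * whitespace (such as `date` output) is not CSPRNG output. Returns 1 if text. */
int looks_like_text(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((p[i] < 0x20 || p[i] > 0x7e) && p[i] != '\n' && p[i] != '\t')
            return 0;
    return n > 0;
}

int main(void) {
    printf("date sample is text: %d\n", looks_like_text(DATE_SAMPLE, sizeof(DATE_SAMPLE) - 1));
    return write_random_file("random.example", 100) == 0 ? 0 : 1;
}
```

Build with: gcc example.c -o example. A second run fails on purpose, because O_EXCL will not overwrite the existing random.example.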
