FreeRadius EAP-TLS questions

Steven Simon simon.s at apple.com
Wed Aug 10 19:50:44 CEST 2005


When generating the random file, you can also do:
openssl rand -out /etc/raddb/certs/random 100

Steve


On Aug 9, 2005, at 3:16 PM, freeradius-users-request at lists.freeradius.org wrote:

> From: Kris Benson <kbenson at sd57.bc.ca>
> Date: August 9, 2005 11:18:10 AM PDT
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Cc: freeradius-users at lists.freeradius.org
> Subject: Re: FreeRadius EAP-TLS questions
> Reply-To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
>
>
> FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
> August 9, 2005 at 10:54 -0800 wrote:
>
>> Hello,
>> Two part question:
>> 1. Is it critical to have certificates, dh and random files in
>> etc/raddb/certs directory for eap-tls to work?
>> 2. Is it ok to generate random file as date > random
>>
>
> 1. Yes, sort of.  You can put it in a different directory if you change
> the eap.conf entries.
>
> 2. No. This is the correct way:
>
> To generate the dh file you can use a function that comes with openssl
>
> openssl dhparam -check -text -5 512 -out dh
>
> This will generate a 512 Diffie-Hellman key named dh.
> Move this file to /etc/mycerts/
>
> mv dh /etc/mycerts/.
>
> To generate a random file you will need a short C program using openssl
> libraries.  Paste this text into a file named 'random.c':
> ----8< cut---
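> #include <stdio.h>
> #include <openssl/rand.h>
>
> int main(void) {
>     unsigned char buf[100];
>     size_t i;
>     /* RAND_bytes() returns 1 on success */
>     if (RAND_bytes(buf, sizeof(buf)) != 1) {
>         /* the original left "the usual md5(time+pid)" fallback unimplemented */
>         fprintf(stderr, "RAND_bytes failed\n");
>         return 1;
>     }
>     /* buf is binary and not NUL-terminated, so print it as hex, not with %s */
>     printf("Random : ");
>     for (i = 0; i < sizeof(buf); i++)
>         printf("%02x", buf[i]);
>     printf("\n");
>     return 0;
> }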
> ----8< cut---
>
> Compile it like this: gcc random.c -o random -lcrypto
>
> It will generate a 32-bit LSB executable named random; try it with ./random.
>
> Move this file to /etc/mycerts/:
> mv random /etc/mycerts/.
>
> -kb
> --
> Kris Benson, CCP, I.S.P.
> Technical Analyst, District Projects
> School District #57 (Prince George)
>
>
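
The following is an added example, not code from either message above or from the FreeRADIUS project: it creates the random file from a CSPRNG, as both replies recommend, and audits an existing file so that one produced with `date > random` is rejected. The function names, the 100-byte minimum (taken from the commands in the thread) and the /dev/urandom fallback are assumptions.

```shell
#!/bin/sh
# Added example; make_seed_file and check_seed_file are hypothetical names.

# Write NBYTES from a CSPRNG to PATH, readable by the owner only.
make_seed_file() {
    path=$1; nbytes=${2:-100}
    (
        umask 077   # a newly created file gets mode 0600
        if command -v openssl >/dev/null 2>&1; then
            openssl rand -out "$path" "$nbytes"
        else
            # Assumption: fall back to the kernel CSPRNG when openssl is absent.
            head -c "$nbytes" /dev/urandom > "$path"
        fi
    )
}

# Return 0 if PATH looks like usable seed material, 1 otherwise.
check_seed_file() {
    path=$1; min=${2:-100}
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    size=$(wc -c < "$path" | tr -d ' ')
    if [ "$size" -lt "$min" ]; then
        echo "too short: $size bytes (want >= $min)"; return 1
    fi
    # 100 CSPRNG bytes are essentially never all printable text, so a file
    # that is pure text was likely made by something like `date > random`.
    binary=$(LC_ALL=C tr -d '[:print:][:space:]' < "$path" | wc -c | tr -d ' ')
    if [ "$binary" -eq 0 ]; then
        echo "text only: not CSPRNG output"; return 1
    fi
    echo "ok: $size bytes"
}
```

The umask only affects a file that does not exist yet; an existing file keeps whatever mode it already had.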
