certificates for TLS Tunnel (peap mschap v2 authentication)

Martin Gadbois martin.gadbois at colubris.com
Thu Jul 12 17:17:32 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

julien blanc wrote:
> My problem is here. I don't know how to use certificates in the
> freeradius directory:
> root.pem, root.p12, root.der
> cert-clt.pem, cert-clt.p12, cert-clt.der
> cert-srv.pem, cert-srv.p12, cert-srv.der
> 
> any advice ... suggestions or anything else ???

You can tell the WPA client not to validate the server certificate. If
so, no certificate will be checked. If you want to check the server:
1- Add root.p12 to as a trusted certificate on all clients
2- Add root.p12 and cert-srv.p12 to the DC.

use the mmc.exe, with the Certificate snap-in.

You should be all set!

- --
==============         +---------------------------------------------+
Martin Gadbois         | "Please answer by yes or no.                |
Sr. SW Designer        | Uncooperative user waste precious CPU time" |
Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969  |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGlkYM9Y3/iTTCEDkRAiggAJ9xufiNk2vooTXOIYS/b3ewKGzp6wCggvlP
AfbT5hvNp8oNjCFHQdgj/jg=
=4Pj1
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list