certificates for TLS Tunnel (peap mschap v2 authentication)

Tue Jul 17 16:06:03 CEST 2007

Thanks Martin

i've just tried to make the changes that you have suggested and i have the
following problem

i don't know how to import .p12 files. In the mmc i have to give a pass for
the private key and i don't know where i can find it ! (and if it's
possible).

do you think i can try with .der or .pem files ?

thanks for your help !

Julien

2007/7/12, Martin Gadbois <martin.gadbois at colubris.com>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> julien blanc wrote:
> > My problem is here. I don't know how to use certificates in the
> > freeradius directory:
> > root.pem, root.p12, root.der
> > cert-clt.pem, cert-clt.p12, cert-clt.der
> > cert-srv.pem, cert-srv.p12, cert-srv.der
> >
> > any advice ... suggestions or anything else ???
>
> You can tell the WPA client not to validate the server certificate. If
> so, no certificate will be checked. If you want to check the server:
> 1- Add root.p12 to as a trusted certificate on all clients
> 2- Add root.p12 and cert-srv.p12 to the DC.
>
> use the mmc.exe, with the Certificate snap-in.
>
> You should be all set!
>
> - --
> ==============         +---------------------------------------------+
> Martin Gadbois         | "Please answer by yes or no.                |
> Sr. SW Designer        | Uncooperative user waste precious CPU time" |
> Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969  |
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGlkYM9Y3/iTTCEDkRAiggAJ9xufiNk2vooTXOIYS/b3ewKGzp6wCggvlP
> AfbT5hvNp8oNjCFHQdgj/jg=
> =4Pj1
> -----END PGP SIGNATURE-----
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070717/c22a9b57/attachment.html>