certificates confusion

tnt at kalik.net
Mon Nov 24 22:47:07 CET 2008


>my radius server though is running on server1 and I think that my
>failure is related to the fact that I'm generating the certificates and
>signing them with server2.
>

Yes. Same CA has to be used for server and client certificates.

>So my questions...
>
>1. Do I set up server1 to be its own CA or do I still use server2 as the
>CA?
>

Both ways can work.

>2. If server2 is the CA, do I then generate the request on server1, copy
>it to server2 and then sign it on server2?
>

Or you can copy the CA certificate to server1, generate a CSR and sign it
there.

>3. Does anyone see any problems with these methods of generating
>certificates? (openssl on Linux)
>

You have such stuff in freeradius /certs directory. Feel free to compare.

Ivan Kalik
Kalik Informatika ISP
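
The workflow from question 2 and the "same CA" check, as an added example that is not part of the original message and not the scripts shipped in the FreeRADIUS certs directory. Host directories, subject names and keys are constructed throwaway values; it assumes a stock openssl (1.1.1 or later) with its default config.

```shell
#!/bin/sh
# Added example: all names below are constructed; keys live in a temp dir.

make_ca() {   # $1 = directory holding the CA, $2 = CA subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}
make_csr() {  # $1 = file prefix, $2 = subject CN; private key stays beside the CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
sign_csr() {  # $1 = CA directory, $2 = file prefix of the CSR to sign
  openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}
chains_to() { # $1 = CA certificate, $2 = certificate; status 0 if it verifies
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
report() {
  if chains_to "$1" "$2"; then echo "OK   $2"; else echo "FAIL $2"; fi
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/server1" "$WORK/server2"

# server2 is the CA.
make_ca "$WORK/server2" "Constructed CA on server2"

# RADIUS server certificate: key and CSR made on server1, CSR signed by server2's CA.
make_csr "$WORK/server1/radius" "radius.example.test"
sign_csr "$WORK/server2" "$WORK/server1/radius"

# Client certificate issued by the same CA.
make_csr "$WORK/server2/client1" "client1"
sign_csr "$WORK/server2" "$WORK/server2/client1"

# Mismatch case: server1 becomes its own CA and issues a new server certificate,
# while the client certificate still comes from server2's CA.
make_ca "$WORK/server1" "Constructed CA on server1"
make_csr "$WORK/server1/radius-own" "radius.example.test"
sign_csr "$WORK/server1" "$WORK/server1/radius-own"

echo "Checked against server2's CA certificate:"
report "$WORK/server2/ca.pem" "$WORK/server1/radius.pem"      # same CA
report "$WORK/server2/ca.pem" "$WORK/server2/client1.pem"     # same CA
report "$WORK/server2/ca.pem" "$WORK/server1/radius-own.pem"  # different CA
```

Running `openssl verify -CAfile` against both the server and the client certificate with one CA file is a quick way to confirm they share an issuer before touching the RADIUS configuration.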




More information about the Freeradius-Users mailing list