Making certs for Windows users
Alan DeKok
aland at deployingradius.com
Mon Nov 30 11:15:09 CET 2009
Peter Carlstedt wrote:
> I got some questions regarding how to make a certificate that works
> towards windows clients while running Freeradius with PEAP.
The howto's are detailed, and should be relatively clear.
> Well I have read on the wiki for Freeradius about making a standalone
> cert for windows clients (root cert) but why do i need that installed on
> the windows clients when i want to run peap?
Because that's how peap works.
> Isn´t peap meant to work in
> the way that you shouldnt have to install stand alone certs in the users
> computers?
No.
> Anyway... I dont really understand what it is that i need to do to make
> real certificates, I´ve read the "readme" file in raddb/certs but dont
> understand what it says. I have got ca.cnf anf ca.pem etc since i
> started the radius server the first time where it said that it made some
> certs, which i guess it test certificates... the readme file only says
> that i should remove the old ones but when i try to get into the certs
> folder through the terminal it says i do not have permission to go into
> that folder.. Im using Ubuntu Desktop and I dont know a way to get into
> the folder with the root other than typing "sudo cd certs" which do not
> work. :/
This is Unix 101. You need to be "root" to edit the files in that
directory.
> Can I ignore the part which says that I need to remove the certs created
> when i run the server the first time and just do changes in the ca.cnf?
Sure. And then it won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list