Making certs for Windows users

Peter Carlstedt pc_007 at hotmail.com
Mon Nov 30 16:02:57 CET 2009


> Message: 1
> Date: Mon, 30 Nov 2009 09:43:07 +0000
> From: Peter Carlstedt <pc_007 at hotmail.com>
> Subject: Making certs for Windows users
> To: <freeradius-users at lists.freeradius.org>
> Message-ID: <SNT120-W2C8F3E29E26DE093D3F90B4970 at phx.gbl>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> 
> Hello everyone.
> 
> I got some questions regarding how to make a certificate that works towards windows clients while running Freeradius with PEAP.
> 
> 
> 
> Well I have read on the wiki for Freeradius about making a standalone cert for windows clients (root cert) but why do i need that installed on the windows clients when i want to run peap? Isn?t peap meant to work in the way that you shouldnt have to install stand alone certs in the users computers?
> 
> 
> 
> Anyway... I dont really understand what it is that i need to do to make real certificates, I?ve read the "readme" file in raddb/certs but dont understand what it says. I have got ca.cnf anf ca.pem etc since i started the radius server the first time where it said that it made some certs, which i guess it test certificates... the readme file only says that i should remove the old ones but when i try to get into the certs folder through the terminal it says i do not have permission to go into that folder.. Im using Ubuntu Desktop and I dont know a way to get into the folder with the root other than typing "sudo cd certs" which do not work. :/
> 
> 
> 
> Can I ignore the part which says that I need to remove the certs created when i run the server the first time and just do changes in the ca.cnf?
> 
> 
> 
> As a sidenote, I?ve never worked with certificates before, I know what they are meant to do but more than that i dont know. 
> 
> 
> 
> Best regards/ Peter Carlstedt
> 
> 
> 
> ------------------------------
> Message: 5
> Date: Mon, 30 Nov 2009 11:15:09 +0100
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: Making certs for Windows users
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <4B139B2D.8000006 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Peter Carlstedt wrote:
> > I got some questions regarding how to make a certificate that works
> > towards windows clients while running Freeradius with PEAP.
> 
> The howto's are detailed, and should be relatively clear.
> 
> > Well I have read on the wiki for Freeradius about making a standalone
> > cert for windows clients (root cert) but why do i need that installed on
> > the windows clients when i want to run peap?
> 
> Because that's how peap works.
> 
> > Isn?t peap meant to work in
> > the way that you shouldnt have to install stand alone certs in the users
> > computers?
> 
> No.
> 
> > Anyway... I dont really understand what it is that i need to do to make
> > real certificates, I?ve read the "readme" file in raddb/certs but dont
> > understand what it says. I have got ca.cnf anf ca.pem etc since i
> > started the radius server the first time where it said that it made some
> > certs, which i guess it test certificates... the readme file only says
> > that i should remove the old ones but when i try to get into the certs
> > folder through the terminal it says i do not have permission to go into
> > that folder.. Im using Ubuntu Desktop and I dont know a way to get into
> > the folder with the root other than typing "sudo cd certs" which do not
> > work. :/
> 
> This is Unix 101. You need to be "root" to edit the files in that
> directory.

Yes I understand that I need root permissions to edit files in that directory BUT is there anyway to get those permission without having to login with the root account? There are reasons of why you should use "sudo"in the terminal as a normal user instead of logging in as the root user. So what i mean is if there are some kind of command which gives me the same permissions as the root user in the terminal, was thinking about that since you can use the command "gksudo nautilus" to browse through directories which has root permission only. Is there any command which can give me the same permissions in the terminal?
> 
> > Can I ignore the part which says that I need to remove the certs created
> > when i run the server the first time and just do changes in the ca.cnf?
> 
> Sure. And then it won't work.
> 
> Alan DeKok.
> 
> 

So the only differences between the test cert and a real one is only what is written in the ca.cnf?

I dont need to add or remove anything or make an extra file or something like that?

Sorry for all (maybe stupid) questions but Im new to the thing of creating certs.
> ------------------------------
Best regards/ Peter Carlstedt
 		 	   		  
_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091130/6c324e2e/attachment.html>


More information about the Freeradius-Users mailing list