Multiple radius servers with the same CA
arnaud at sphaero.org
Wed Mar 24 16:30:28 CET 2010
> Hi all,
> Thanks for these clarifications. So to clear this up I now have one
> machine to generate the certificates. This machine had its CA setup
> according to instructions found in the certs/README distributed with FR 2.
> Certificates for a second radius server (radius2) using the same CA are
> generated as follows:
> # Certificate request (.csr) and key (.key)
> openssl req -new -out radius2.csr -keyout radius2.key -config ./server.cnf
> # Certificate (.crt)
> openssl ca -batch -keyfile ca.key -cert ca.pem -in radius2.csr \
>   -key $PASSWORD_CA -out radius2.crt -extensions xpserver_ext \
>   -extfile xpextensions -config ./server.cnf
> # p12
> openssl pkcs12 -export -in radius2.crt -inkey radius2.key -out radius2.p12 \
>   -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> # PEM
> openssl pkcs12 -in radius2.p12 -out radius2.pem \
>   -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> (Of course the password vars are replaced with the vars in the ca.cnf &
> I then copy the following files onto this second radius server:
> radius2.pem and ca.pem
> Finally I generate a dh file on the second radius server:
> openssl dhparam -out dh 1024
> Bump, still doesn't work :(
> I'm still doing something wrong?
Forget that last sentence. It does work. Was probably something with the
But if someone can confirm this procedure so it's safe.
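
An added example, not part of the original post: one way to sanity-check the files produced by the procedure above before copying them to the second server. It checks that the certificate chains to the shared CA, carries the serverAuth extended key usage (assumed here to be what xpserver_ext adds), and matches its private key. KEY_PASS, make_demo_pki and the demo file names are hypothetical; the demo PKI is constructed test data.

```shell
#!/bin/sh
# check_server_cert CA CERT KEY: returns 0 if the pair is usable with this CA,
# 1 = does not chain to CA, 2 = serverAuth EKU missing, 3 = key mismatch.
# KEY_PASS (hypothetical variable name) holds the key passphrase, if any.
check_server_cert() {
    ca=$1; crt=$2; key=$3
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$crt" -noout -text |
        grep -q "TLS Web Server Authentication" || return 2
    a=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$key" -passin "pass:${KEY_PASS:-}" -pubout \
        2>/dev/null | openssl sha256)
    [ "$a" = "$b" ] || return 3
}

# make_demo_pki DIR: constructed test data. A throwaway CA plus two server
# certificates: good.crt has the serverAuth EKU, noeku.crt was signed without.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'prompt=no' 'distinguished_name=dn' \
        'x509_extensions=v3' '[dn]' 'CN=unused' '[v3]' \
        'basicConstraints=critical,CA:TRUE' > "$d/req.cnf"
    printf 'extendedKeyUsage = 1.3.6.1.5.5.7.3.1\n' > "$d/ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -config "$d/req.cnf" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    for n in good noeku; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=radius2" \
            -config "$d/req.cnf" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext" -out "$d/good.crt" 2>/dev/null
    openssl x509 -req -in "$d/noeku.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/noeku.crt" 2>/dev/null
}

# With three arguments check real files; with none, run the constructed demo.
if [ $# -eq 3 ]; then
    rc=0; check_server_cert "$@" || rc=$?; echo "result: $rc"
else
    tmp=$(mktemp -d); make_demo_pki "$tmp"
    for n in good noeku; do
        rc=0; check_server_cert "$tmp/ca.pem" "$tmp/$n.crt" "$tmp/$n.key" || rc=$?
        echo "$n.crt: $rc"
    done
    rm -rf "$tmp"
fi
```

Because openssl picks the matching PEM block out of a combined file, radius2.pem can be passed as both the certificate and the key argument.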