Adding a signed certificate from a signing authority
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue May 11 14:50:30 CEST 2010
Hi,
> I have found and carried out the steps on the wiki site around using “snake oil” certificates and then creating your own production certificates. But I now would like to add the externally signed certificate for added security.
sure....just put the relevant files into the right place...and edit
the eap.conf accordingly. you will need the server cert and the CA..
if the CA is a chained cert, then you'll need the CA and its next up
(and its next up and its next up etc) concatenated in the same single
file. there's nothing magical about using real certs...these days
it seems some real world certs are just as work-causing/onerous as
'snake oil' certs. personally, I fall into the 'closed loop' camp
which believes that using your own CA is more secure than some random
external CA that anyone can get a cert from....no one else but your users
will authenticate against your RADIUS server (external visitors get proxied
and only have to trust their home RADIUS)....and, as previously mentioned,
lots of current external 3rd parties require you to update/change/install
certs on the client (take the recent TERENA SSLs served by JANET for
example.....)
alan
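
An added example, not part of the original message: a shell sketch of the chain concatenation described in the reply above, which builds the single CA file from individual PEM files and avoids the common failure where a file without a trailing newline fuses two certificates together. The function names and all file names are assumptions; `CA_file` is the eap.conf setting that would point at the result.

```shell
#!/bin/sh
# Added example: build the single CA file from one-certificate PEM files.
# Usage: build_ca_chain OUT.pem issuing-ca.pem [next-up.pem ... root.pem]
# (all file names here are assumptions, not paths from the post)
build_ca_chain() {
    [ "$#" -ge 2 ] || { echo "usage: build_ca_chain OUT.pem CA.pem..." >&2; return 2; }
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        # Require exactly one certificate per input so the command-line
        # order (issuing CA first, then each "next up") is the bundle order.
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || true)
        e=$(grep -c -e '-----END CERTIFICATE-----' "$f" 2>/dev/null || true)
        if [ "${n:-0}" -ne 1 ] || [ "${e:-0}" -ne 1 ]; then
            echo "$f: expected exactly one PEM certificate" >&2
            rm -f "$tmp"; return 1
        fi
        # Copy only the certificate block. awk ends every line with a
        # newline, so a file lacking a final newline cannot fuse its END
        # line with the next BEGIN line (plain `cat` would). CRs from
        # Windows-edited files are stripped as well.
        awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ {
                 sub(/\r$/, ""); print }' "$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    mv "$tmp" "$out"
}

# Check that the server certificate chains to the bundle (needs the openssl
# CLI). Run this before pointing CA_file in eap.conf at the bundle.
verify_server_cert() {
    openssl verify -CAfile "$1" "$2"
}
```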