understanding

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Mar 29 17:03:32 CEST 2012


Hi,

> The second question isn't answered so that I could understand it. I created the certificates as told in the readme in the subdirectory /etc/certs. When I use Windows XP and uncheck the checkbox "checking certificate" it works. So as I understand the certificate of the server isn't checked or am I wrong. It is only checked when using the checkbox. When I use the checkbox I get an access accept message in the debug modus of FreeRADIUS and short after it a reject message with the message that I have to read the certificate wiki on the page. Is the problem that the certificate I created isn't an official certificate? How can I solve it?

if the 'check certificate' isnt ticked, then no...your client wont be checking the certificate.

to have a happy client when checking the cert, the 'check certificate' needs to be ticked,
the CN from the certificate should be in the 'server name' field and the CA ticked
in the list of CA's.   if you dont see the CA of the RADIUS server in that list, then
you need to install tha CA into the clients trusted root certificate store...
copy the .der to the client click on it...then choose to select where to put it...

(there are loads and loads of documents covering this scattered all over the internet..
some are newer than others...and so correct)

alan


More information about the Freeradius-Users mailing list