Freeradius 3 self signed certificate

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Mon Jun 29 11:39:36 CEST 2015


> There is a self-signed certificate which I would like to install on the server. Now I'm somewhat struggling with the server-side configuration.
> Why do I want these cnf files in the certs directory? Honestly, I expected to just place the certificate/key files there, link them in the config and be done.
> I found some documents on the internet saying that this server certificate needs extended key usage attributes (1.3.6.1.5.5.7.3.1). Is that right?

The CNF files in the certs directory allow you to build self-signed certs for your FreeRADIUS infrastructure. There is a file in the directory that provides the extended key usage attributes (it's called xpextensions). Any cert generated from the CNF files in the certs directory will comply with Windows requirements.

Of course, if you use something else (TinyCA), those CNF files don't apply...

> What do I need to consider when it comes to installing the cacert on the clients (iOS, Android, Windows 7+, Linux, OS X)? Does the certificate have to be a catted cert from the rootca cert and the subca cert?

AFAIK you need to provide a cert that contains the full chain, yes.

With Regards

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk
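
The two checks discussed in this thread, as an added example that is not part of the message above and is not the FreeRADIUS certs scripts: whether a server certificate carries the serverAuth extended key usage (1.3.6.1.5.5.7.3.1), and whether it verifies against the root CA alone or only against the concatenated sub CA + root CA file. It assumes the `openssl` command-line tool is installed; `demo.cnf`, the section names, the subjects and the throwaway three-level hierarchy are all constructed for the demonstration.

```shell
# Added example: every subject, file and section name below is constructed.
# True if CERT has extendedKeyUsage serverAuth (OID 1.3.6.1.5.5.7.3.1),
# which OpenSSL prints as "TLS Web Server Authentication".
has_server_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'TLS Web Server Authentication'
}
# new_key_and_csr DIR NAME CN: write NAME.key and NAME.csr into DIR.
new_key_and_csr() {
    openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# sign_csr DIR NAME ISSUER SECTION OUT: issue OUT.pem from NAME.csr.
sign_csr() {
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -extfile "$1/demo.cnf" -extensions "$4" \
        -out "$1/$5.pem" 2>/dev/null
}

# Build root CA -> sub CA -> server in DIR, a second server certificate
# without the EKU, and the concatenated sub CA + root CA file.
make_demo_pki() {
    cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
[ server_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
[ no_eku_ext ]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Demo Root CA' -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    new_key_and_csr "$1" sub 'Demo Sub CA' &&
    sign_csr "$1" sub root ca_ext sub &&
    new_key_and_csr "$1" server 'radius.example.org' &&
    sign_csr "$1" server sub server_ext server &&
    sign_csr "$1" server sub no_eku_ext server_no_eku &&
    cat "$1/sub.pem" "$1/root.pem" > "$1/ca-chain.pem"
}

# chain_ok CAFILE CERT: true if CERT verifies as a TLS server certificate.
chain_ok() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Run `make_demo_pki` on an empty scratch directory, then point `has_server_eku` and `chain_ok` at the generated files or at your own PEM certificates.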
