advaice on how to create certificates and setup an EAP-TLS from freeradius

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Nov 23 13:37:14 CET 2015


Hi,

> one thing that is wired is that there are no (at least I could not find it) a step by step guide to how to get this demo certificate up and running with a supplicant for (EAP-TLS setup), here, I am refereeing to the certificate that come with A fresh install of freeradius under the dir certs/

after you install, there is a client certificate created....just as there is a server one, copy that client cert
to the client.  then use it.

> if I want to create an EAP-TLS based system..... and considering certificate generation , then 
> isn’t it just as follows:
> 
> 1. Copy the existing ca.pem from  "/etc/freeradius/certs" to the client

yes

> 2. Generate client.key and client.pem at the client (supplicant) 

no. use the provided script to generate client certs then give them to the client


there are several tools out there that enable you to run your own PKI/CA system for delivering client
certs - mainly for use with VPN systems - they'll work here too.

alan



More information about the Freeradius-Users mailing list