understanding the process of setting up eap-tls server/client certs

Alan DeKok aland at deployingradius.com
Thu Mar 17 17:00:11 CET 2016


On Mar 17, 2016, at 11:27 AM, Michael Martinez <mwtzzz at gmail.com> wrote:
> 
> I'm working on setting up EAP-TLS so that the client (iPad) can be
> issued a client cert and use it to authenticate with Radius. I need
> some clarity on the process, particularly the roles of some of the
> different files generated and how to use them.

  Read http://deployingradius.com/

  It has detailed instructions for getting EAP working.

> 1. in order to generate the root ca, first I edit ca.cnf.
> It's straightforward except I don't understand the role of the "input"
> password. The "output" password I understand is for the private key -
> ca.key.

  Ignore the input password.  And this is all documented in the OpenSSL documentation.  It's not a FreeRADIUS configuration file.

> 1.a. after editing ca.cnf, then I run make ca.pem. This uses openssl
> to run req to generate a self-signed root ca. Four files are
> generated:

  You sent the message too soon.

  Go read the instructions on the deployingradius.com site.  It explains all of this in excruciating detail.

  Alan DeKok.



