understanding the process of setting up eap-tls server/client certs
Michael Martinez
mwtzzz at gmail.com
Fri Mar 18 21:37:54 CET 2016
Yes, sorry my message was sent too soon. I have resent the whole thing.
I looked at the instructions on deployingradius.com but many of my
questions are not answered there. I need to look into what the openssl
commands are doing, but in the meantime if anyone has some answers it
would be great, would help me out.
Thanks
On Thu, Mar 17, 2016 at 9:00 AM, Alan DeKok <aland at deployingradius.com> wrote:
> On Mar 17, 2016, at 11:27 AM, Michael Martinez <mwtzzz at gmail.com> wrote:
>>
>> I'm working on setting up EAP-TLS so that the client (iPad) can be
>> issued a client cert and use it to authenticate with Radius. I need
>> some clarity on the process, particularly the roles of some of the
>> different files generated and how to use them.
>
> Read http://deployingradius.com/
>
> It has detailed instructions for getting EAP working.
>
>> 1. in order to generate the root ca, first I edit ca.cnf.
>> It's straightforward except I don't understand the role of the "input"
>> password. The "output" password I understand is for the private key -
>> ca.key.
>
> Ignore the input password. And this is all documented in the OpenSSL documentation. It's not a FreeRADIUS configuration file.
>
>> 1.a. after editing ca.cnf, then i run make ca.pem. This uses openssl
>> to run req to generate a self-signed root ca. Four files are
>> generated:
>
> You sent the message too soon.
>
> Go read the instructions on the deployingradius.com site. It explains all of this in excruciating detail.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
---
Michael Martinez
http://www.michael--martinez.com
More information about the Freeradius-Users
mailing list