Problem making certs (Alan DeKok)

[Peter Hutchison]

>Hello:



>I'm new to Freeradius and to Linux (Ubuntu Server 16.04) as well.  I've got my first server up and running Freeradius v3 and can >successfully authorize users on my network with a username and password.  Works great and was easy to do.  My AXis ipCCTV cameras >require EAP-TLS and this is where I'm stuck.



>My clients require a CA Certificate, a Client cert and private key, an EAP identity and Private key password for the EAP >identity.  I'm not exactly sure where all this comes from.



>I can't get "make" or "make client" to do anything other than give me a "No targets specified and no makefile found" error.



>How do I complete the jump to EAP-TLS?  Any guides online?





You need to create a Certificate request file (CSR) to a public Certificate Authority e.g. GlobalSign, Comodo, GoDaddy, etc, , this will also create your Private key file. You can use Open SSL to generate the CSR and private key.

Once you have submitted your request file, the CA will proviate you will a certificate and a copy of their root certificates to go with it. Then you can place your certificate files on your radius server in your freeradius/certs folder. I prefer to have the private, public and root files concatenated together e.g. myeapcertificate.pem.

Then update your eap.conf file and point the private_key_file entry and certificate_file entry to the same concatenated file.





Peter Hutchison MCP
Senior Network Systems Specialist
* 01484 473716
Networks Team
University of Huddersfield | Queensgate | Huddersfield | HD1 3DH

University of Huddersfield inspiring tomorrow's professionals.
[http://marketing.hud.ac.uk/_HOSTED/EmailSig2014/EmailSigFooter.jpg]

This transmission is confidential and may be legally privileged. If you receive it in error, please notify us immediately by e-mail and remove it from your system. If the content of this e-mail does not relate to the business of the University of Huddersfield, then we do not endorse it and will accept no liability.