hi, <br>its all about being authenticated as a known part.<br>if A knows B as a trusted part and B have issued a certificate for C then A will trust C.<br><br>the server certificate is issued by the CA ( certificate authority. )<br>
<br>the client needs to have the certificate of the CA ( not the server certificate issued from the CA )<br><br>the mschap v2, tls,ttls, are methods of authentication(encryption).<br><br>the eap-ttls doesnt requires that the client have a certificate on its own.so you need the ca certificate and the server certificate.<br>
<br><div class="gmail_quote">2009/3/23 Tomas <span dir="ltr"><<a href="mailto:tomas.radius@googlemail.com">tomas.radius@googlemail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Dear all,<br>
I'd appreciate if somebody could please explain me the meaning of<br>
certificates. I had a look at certs/README, but some things are still<br>
unclear.<br>
As far as I know there are 3 types of certificates on FreeRADIUS:<br>
* ROOT CA<br>
* Server<br>
* Client<br>
<br>
What is the purpose of each of them? I know that ROOT CA is required to<br>
allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on<br>
802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does<br>
ROOT CA do?<br>
What is the purpose of server certificate? How is that linked with<br>
MSCHAP v2? I remember I could not authenticate xp host with users file<br>
without generating certificates first.<br>
And lastly Client certificate, would I need to install this on a client<br>
PC, what do I get with that?<br>
<br>
What are the benefits of using certificates?<br>
<br>
Thanks very much for your help.<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</blockquote></div><br>