Evan Vittitow wrote:
I'm having an issue telling my server certificate from my client certificate:
Issues: Which of these is the client certificate, and which of these is the server cert.
in eap.conf
private_key_file = ${raddbdir}/certs/cakey.pem certificate_file = ${raddbdir}/certs/cacert.crt CA_file = ${raddbdir}/certs/cacert.pem
"certificate_file" is the server certificate file. "private_key_file" is the key for that certificate. "CA_file" is the file containing the CA cert which FreeRadius will expect CLIENT certs to be signed by.
In /etc/xsupplicant.conf
eap-peap { random_file = /dev/urandom root_cert = /etc/raddb/certs/cacert.crt chunk_size = 1398 allow_types = eap_mschapv2 eap-mschapv2 { username = password = } eap_tls { user_key = "/etc/raddb/certs/cacert.crt" user_key_pass = "" root_cert = "/etc/raddb/certs/cacert.crt" root_dir = "/etc/raddb/certs/" chunk_size = 1398 random_file = "/dev/random/" session_resume = yes }
"root_cert" is the file containing the CA cert which signed FreeRadius' "certificate_file" "user_key" is the file containing the user cert, which must be signed by FreeRadius' "CA_file" cert.