Evan Vittitow wrote:
I think a large part of my problem is the creation of a Certificate authority.
Why? See the various 802.1x howto's (pointed to from freeradius.org & the wiki) for how to create certificates for the server.
Its very possible, that said Certificate authority for Radius could hypothetically be used layer for IPSec. This being the case, what would the best strategy be for implementing a PKI CA. Should I make one Cert for every host? One server host and one client Cert for all hosts? Different CAs for different Services? How will Mandriva's architecture change affect this?
You want one certificate for the RADIUS server. For most RADIUS situations, this is enough. And that certificate shouldn't be used for anything else. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog