hi, 1. Installed/Configured CentOS 7 (CentOS7-x86_64-1511) a. Disabled SELinux b. Disabled firewalld first steps. turn those back on - and configure them correctly as required (read firewalld and selinux docs as required).
Are there any steps I've missed? Do I need to keep the 'dh' in /certs/?
now you have a working system, start to comment/remove things out of it that you dont need - thinking PAP and plain CHAP etc methods. weak, insecure. use the permit_only_eap policy in your virtual server auth {} section to ensure only EAP requests are coming to it. of course you need the DH file - its part of the process. what cert are you using? still a local one or a public one? I would advise keeping with local one....you talk about importing it to client, so that suggests its not one of the big public ones... good. you talk about EAP-TLS...but your post only mentioned doing basic PAP and PEAP test - please dont confuse terminology.. you havent tested a client cert yet - which is probably important if you ARE doing EAP-TLS.... alan