On Wed, Mar 29, 2017 at 11:24:37PM +0000, John Tobin wrote:
I have a self signed cert because [ I believe ] that is the test cert you get when you install radius. /etc/raddb/cert has a make, you run the make for test certs.
You get a self-signed root CA (ca.pem), a server cert signed by that CA (server.pem) and a client cert signed by the CA (client.pem). So the server should have the CA cert and the server cert configured, and the client should have the CA cert installed and the client cert for auth. You don't use the self-signed CA cert as the server cert. This is basic CA stuff.
The os x machines have no mods for a ³homebrewed² openssl? I am testing against sierra and elcapitan, and I was also told I would have to get special versions of openssl for os x at those levels because of problems in opensslŠ You have to implement homebrew openssl installŠ..
No idea, I'm not a Mac person. Homebrewed sounds like beer. The only issues I'm aware of with openssl and macs would be to disable tls1.2 as I think has already been mentioned, but I think Apple disabled that anyway for the time being because it broke too much stuff. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>