24 Nov
2008
24 Nov
'08
4:47 p.m.
my radius server though is running on server1 and I think that my failure is related to the fact that I'm generating the certificates and signing them with server2.
Yes. Same CA has to be used for server and client certificates.
So my questions...
1. Do I set up server1 to be its own CA or do I still use server2 as the CA?
Both ways can work.
2. If server2 is the CA, do I then generate the request on server1, copy it to server2 and then sign it on server2?
Or you can copy the CA certificate to server1, generate csr and sign it there.
3. Does anyone see any problems with these methods of generating certificates ? (openssl on Linux)
You have such stuff in freeradius /certs directory. Feel free to compare. Ivan Kalik Kalik Informatika ISP