Yes, sorry my message was sent too soon. I have resent the whole thing. I looked at the instructions on deployingradius.com but many of my questions are not answered there. I need to look into what the openssl commands are doing, but in the meantime if anyone has some answers it would be great, would help me out. Thanks On Thu, Mar 17, 2016 at 9:00 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 17, 2016, at 11:27 AM, Michael Martinez <mwtzzz@gmail.com> wrote:
I'm working on setting up EAP-TLS so that the client (iPad) can be issued a client cert and use it to authenticate with Radius. I need some clarity on the process, particularly the roles of some of the different files generated and how to use them.
Read http://deployingradius.com/
It has detailed instructions for getting EAP working.
1. in order to generate the root ca, first I edit ca.cnf. It's straightforward except I don't understand the role of the "input" password. The "output" password I understand is for the private key - ca.key.
Ignore the input password. And this is all documented in the OpenSSL documentation. It's not a FreeRADIUS configuration file.
1.a. after editing ca.cnf, then i run make ca.pem. This uses openssl to run req to generate a self-signed root ca. Four files are generated:
You sent the message too soon.
Go read the instructions on the deployingradius.com site. It explains all of this in excruciating detail.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- --- Michael Martinez http://www.michael--martinez.com