When generating the random file, you can also do: openssl rand -out /etc/raddb/certs/random 100 Steve On Aug 9, 2005, at 3:16 PM, freeradius-users- request@lists.freeradius.org wrote:
From: Kris Benson <kbenson@sd57.bc.ca> Date: August 9, 2005 11:18:10 AM PDT To: FreeRadius users mailing list <freeradius- users@lists.freeradius.org> Cc: freeradius-users@lists.freeradius.org Subject: Re: FreeRadius EAP-TLS quesitons Reply-To: FreeRadius users mailing list <freeradius- users@lists.freeradius.org>
FreeRadius users mailing list <freeradius- users@lists.freeradius.org> on August 9, 2005 at 10:54 -0800 wrote:
Hello, Two part question: 1. Is it critical to have certificates, dh and random files in etc/raddb/certs directory for eap-tls to work. 2. Is it ok to generate random file as date > random
1. Yes, sort of. You can put it in a different directory if you change the eap.conf entries.
2. No. This is the correct way:
To generate the dh file you can use a function that comes with openssl
openssl dhparam -check -text -5 512 -out dh
This will generate a 512 Diffie-Hellman key named dh. Move this file to /etc/mycerts/
mv dh /etc/mycerts/.
To generate a random file you will need a short C program using openssl libraries. Paste this text into a file named 'random.c': ----8< cut--- #include <stdio.h> #include <openssl/rand.h>
main (void) { unsigned char buf[100]; if (!RAND_bytes(buf, 100)) { // the usual md5(time+pid) } printf("Random : %s\n", buf); } ----8< cut---
Compile it like this: gcc random.c -o random -lcrypto
I will generate 32-bit LSB executable named random, try it with ./ random.
Move this file to /etc/mycerts/: mv random /etc/mycerts/.
-kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)