On 12 December 2017 at 08:36, Nathan Ward <lists+freeradius@daork.net> wrote:
https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/certs/READ... <https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/certs/README>
Line 26 onwards: In general, you should use self-signed certificates for 802.1x (EAP) authentication. When you list root CAs from other organisations in the "ca_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS.
Yes, I am aware of it, and I set `ca_file` variable to point my self-generated/self-signed CA certificate. I am asking about `certificate_file` and `private_key_file` variables which represent radius server, and documentation says not to use global know CA only for `ca_file` variable.