On Mar 17, 2016, at 11:27 AM, Michael Martinez <mwtzzz@gmail.com> wrote:
I'm working on setting up EAP-TLS so that the client (iPad) can be issued a client cert and use it to authenticate with Radius. I need some clarity on the process, particularly the roles of some of the different files generated and how to use them.
Read http://deployingradius.com/ It has detailed instructions for getting EAP working.
1. in order to generate the root ca, first I edit ca.cnf. It's straightforward except I don't understand the role of the "input" password. The "output" password I understand is for the private key - ca.key.
Ignore the input password. And this is all documented in the OpenSSL documentation. It's not a FreeRADIUS configuration file.
1.a. after editing ca.cnf, then i run make ca.pem. This uses openssl to run req to generate a self-signed root ca. Four files are generated:
You sent the message too soon. Go read the instructions on the deployingradius.com site. It explains all of this in excruciating detail. Alan DeKok.