Public Domain Certificate for EAP-TTLS
Hello Freeradius Users, I'm a new Freeradius user, and I am setting up a for Radius server for LDAP/GSuite Authorization with WiFi 802.11x (WPA2Enterprise) and EAP-TTLS/PAP. The good news is I have all that working, at least for Apple clients; Windows & Android tests pending. The network is in a School environment and the Student's devices are BYOD Laptops, Tablets & Phones, and it's not scalable to installing client certificates for my own CA, so I do not want to use EAP-TLS. I'd like to create a Certificate (Certificate Signing Request) for a CA like Comodo (or other suggested) to create a Public DNS (I have a public domain) signed certificate for use with the EAP-TTLS. I've looked in the docs and user groups and have not seen documentation on how to do this. It's possible I missed it. Could someone please point me to some documents/sites that describe how to make a CSR for a Certificate that will be compatible with OSX and MS clients? Thanks in advance! Dean.
On May 13, 2021, at 8:49 PM, Dean Arnold <dean@31st.me> wrote:
I'd like to create a Certificate (Certificate Signing Request) for a CA like Comodo (or other suggested) to create a Public DNS (I have a public domain) signed certificate for use with the EAP-TTLS. I've looked in the docs and user groups and have not seen documentation on how to do this. It's possible I missed it.
Could someone please point me to some documents/sites that describe how to make a CSR for a Certificate that will be compatible with OSX and MS clients?
$ cd raddb/certs $ ... edit ... server.cnf $ make server.csr And then send that file to the CA. Make sure that the fields in "server.cnf" match your site for DNS names, addresses, etc. Alan DeKok.
Hi Alan, This worked great. Thank you for the help! On Fri, May 14, 2021 at 4:38 AM Alan DeKok <aland@deployingradius.com> wrote:
On May 13, 2021, at 8:49 PM, Dean Arnold <dean@31st.me> wrote:
I'd like to create a Certificate (Certificate Signing Request) for a CA like Comodo (or other suggested) to create a Public DNS (I have a public domain) signed certificate for use with the EAP-TTLS. I've looked in the docs and user groups and have not seen documentation on how to do this. It's possible I missed it.
Could someone please point me to some documents/sites that describe how to make a CSR for a Certificate that will be compatible with OSX and MS clients?
$ cd raddb/certs $ ... edit ... server.cnf $ make server.csr
And then send that file to the CA.
Make sure that the fields in "server.cnf" match your site for DNS names, addresses, etc.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Dean Arnold