FreeRadius EAP-TLS questions

Kris Benson kbenson at sd57.bc.ca
Tue Aug 9 20:18:10 CEST 2005


FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
August 9, 2005 at 10:54 -0800 wrote:
>Hello,
>Two part question:
>1. Is it critical to have certificates, dh and random files in 
>etc/raddb/certs directory for eap-tls to work.
>2. Is it ok to generate random file as date > random

1. Yes, sort of.  You can put it in a different directory if you change
the eap.conf entries.

2. No. This is the correct way:

To generate the dh file you can use a function that comes with openssl

openssl dhparam -check -text -5 -out dh 512

This will generate a 512 Diffie-Hellman key named dh.
Move this file to /etc/mycerts/

mv dh /etc/mycerts/.

To generate a random file you will need a short C program using openssl
libraries.  Paste this text into a file named 'random.c':
----8< cut---
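#include <stdio.h>
#include <openssl/rand.h>

int main(void) {
    unsigned char buf[100];
    size_t i;

    /* RAND_bytes() returns 1 on success */
    if (RAND_bytes(buf, sizeof(buf)) != 1) {
        /* the usual md5(time+pid) fallback would go here; fail instead */
        fprintf(stderr, "RAND_bytes failed\n");
        return 1;
    }
    /* buf is raw bytes with no NUL terminator, so print hex, not %s */
    printf("Random : ");
    for (i = 0; i < sizeof(buf); i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}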
----8< cut---

Compile it like this: gcc random.c -o random -lcrypto

It will generate a 32-bit LSB executable named random; try it with ./random.

Move this file to /etc/mycerts/:
mv random /etc/mycerts/.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
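
An added example, not part of the original post or of the FreeRADIUS project: a C program that writes random bytes to a file with owner-only permissions, which is what a `date > random` file lacks in unpredictability. It reads `/dev/urandom` instead of calling OpenSSL so it builds without `-lcrypto`; the function names, the 100-byte length and the default output name are assumptions.

```c
/* Added example: write len bytes from the kernel CSPRNG to a new file
 * that only its owner can read. Assumes a Unix system with /dev/urandom;
 * function names and the default path are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with len bytes from /dev/urandom, retrying on short reads. */
static int fill_random(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    size_t got = 0;
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) { close(fd); return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Create path (must not already exist) with mode 0600 and write len
 * random bytes to it. Returns 0 on success, -1 on any failure. */
int write_random_file(const char *path, size_t len) {
    unsigned char buf[256];
    int fd;
    if (len == 0 || len > sizeof(buf) || fill_random(buf, len) != 0)
        return -1;
    /* O_EXCL fails if the path already exists, including as a symlink */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, buf, len) != (ssize_t)len || fchmod(fd, 0600) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "random";
    if (write_random_file(path, 100) != 0) {
        perror("write_random_file");
        return 1;
    }
    printf("wrote 100 random bytes to %s\n", path);
    return 0;
}
```

Run it with the target path as the only argument; it refuses to overwrite an existing file, so remove the old one first.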