The EAP Saga continues.
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 7 17:00:58 CET 2007
Evan Vittitow wrote:
> I'm having an issue telling my server certificate from my client
> certificate:
>
> Issues: Which of these is the client certificate, and which of these is
> the server cert.
>
> in eap.conf
>
> private_key_file = ${raddbdir}/certs/cakey.pem
> certificate_file = ${raddbdir}/certs/cacert.crt
> CA_file = ${raddbdir}/certs/cacert.pem

"certificate_file" is the server certificate file. "private_key_file" is
the key for that certificate.

"CA_file" is the file containing the CA cert which FreeRadius will
expect CLIENT certs to be signed by.

>
> In /etc/xsupplicant.conf
>
> eap-peap {
> random_file = /dev/urandom
> root_cert = /etc/raddb/certs/cacert.crt
> chunk_size = 1398
> allow_types = eap_mschapv2
> eap-mschapv2 {
> username =
> password =
> }
> eap_tls {
> user_key = "/etc/raddb/certs/cacert.crt"
> user_key_pass = ""
> root_cert = "/etc/raddb/certs/cacert.crt"
> root_dir = "/etc/raddb/certs/"
> chunk_size = 1398
> random_file = "/dev/random/"
> session_resume = yes
> }

"root_cert" is the file containing the CA cert which signed FreeRadius'
"certificate_file".

"user_key" is the file containing the user cert, which must be signed by
FreeRadius' "CA_file" cert.
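
Added example (not part of the original post and not FreeRADIUS or xsupplicant code): a shell check, using the openssl command line, of the file relationships described in the reply above. The function names and the demo file names are made up for this example, the demo certificates are constructed on the fly, and flagging a CA certificate in the server or user slot is an extra check added here, not something the reply states.

```shell
#!/bin/sh
# Added example; every file name here is constructed for the demo.

# Succeeds if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds if the certificate ($2) verifies against the CA file ($1).
signed_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds if the certificate ($1) carries basicConstraints CA:TRUE.
is_ca() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }

# Check the relationships stated in the reply. Arguments:
#   $1 private_key_file  $2 certificate_file  $3 CA_file   (eap.conf)
#   $4 root_cert         $5 user certificate               (xsupplicant.conf)
check_eap_tls_files() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "private_key_file is not the key for certificate_file"; rc=1; }
    is_ca "$2" && { echo "certificate_file is a CA certificate, not a server certificate"; rc=1; }
    signed_by "$4" "$2" || { echo "certificate_file is not signed by the client's root_cert"; rc=1; }
    signed_by "$3" "$5" || { echo "user certificate is not signed by CA_file"; rc=1; }
    is_ca "$5" && { echo "user certificate is a CA certificate"; rc=1; }
    return $rc
}

# Build a constructed demo PKI in directory $1: ca, server and client.
make_demo_pki() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' >"$1/demo.cnf"
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 || return 1
    for n in server client; do
        openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$1/$n.key" -out "$1/$n.csr" >/dev/null 2>&1 || return 1
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
            -CAcreateserial -days 2 -out "$1/$n.pem" >/dev/null 2>&1 || return 1
    done
}

demo=$(mktemp -d) && make_demo_pki "$demo" || exit 1
check_eap_tls_files "$demo/server.key" "$demo/server.pem" "$demo/ca.pem" "$demo/ca.pem" "$demo/client.pem" \
    && echo "demo layout: OK"
# Same shape as the quoted config: the CA key and CA cert in every slot.
check_eap_tls_files "$demo/ca.key" "$demo/ca.pem" "$demo/ca.pem" "$demo/ca.pem" "$demo/ca.pem" \
    || echo "CA-in-every-slot layout: problems found"
```

Against a real installation, pass the paths from eap.conf and xsupplicant.conf to check_eap_tls_files in the argument order given in its comment.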