The EAP Saga begins.
Alan DeKok
aland at deployingradius.com
Mon Jan 22 21:31:28 CET 2007
Evan Vittitow wrote:
> I think a large part of my problem is the creation of a Certificate
> authority.
Why? See the various 802.1x howto's (pointed to from freeradius.org &
the wiki) for how to create certificates for the server.
> Its very possible, that said Certificate authority for Radius could
> hypothetically be used layer for IPSec. This being the case, what would
> the best strategy be for implementing a PKI CA. Should I make one Cert
> for every host? One server host and one client Cert for all hosts?
> Different CAs for different Services? How will Mandriva's architecture
> change affect this?
You want one certificate for the RADIUS server. For most RADIUS
situations, this is enough. And that certificate shouldn't be used for
anything else.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list