The EAP Saga begins.

Alan DeKok aland at
Mon Jan 22 21:31:28 CET 2007

Evan Vittitow wrote:
> I think a large part of my problem is the creation of a Certificate
> authority.

  Why?  See the various 802.1x howto's (pointed to from &
the wiki) for how to create certificates for the server.

> Its very possible, that said Certificate authority for Radius could
> hypothetically be used layer for IPSec. This being the case, what would
> the best strategy be for implementing a PKI CA. Should I make one Cert
> for every host? One server host and one client Cert for all hosts?
> Different CAs for different Services? How will Mandriva's architecture
> change affect this?

  You want one certificate for the RADIUS server.  For most RADIUS
situations, this is enough.  And that certificate shouldn't be used for
anything else.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list