The EAP Saga begins.
Evan Vittitow
evan at terralab.com
Tue Jan 23 11:09:34 CET 2007
Alan DeKok wrote:
> Evan Vittitow wrote:
>
>> I think a large part of my problem is the creation of a Certificate
>> authority.
>>
>
> Why? See the various 802.1x howto's (pointed to from freeradius.org &
> the wiki) for how to create certificates for the server.
>
>
>> Its very possible, that said Certificate authority for Radius could
>> hypothetically be used layer for IPSec. This being the case, what would
>> the best strategy be for implementing a PKI CA. Should I make one Cert
>> for every host? One server host and one client Cert for all hosts?
>> Different CAs for different Services? How will Mandriva's architecture
>> change affect this?
>>
>
> You want one certificate for the RADIUS server. For most RADIUS
> situations, this is enough. And that certificate shouldn't be used for
> anything else.
>
>
What do I give the xsupplicant clients?
More information about the Freeradius-Users
mailing list