The EAP Saga begins.

Evan Vittitow evan at
Mon Jan 29 02:23:38 CET 2007

> To repeat my previous email - xsupplicant does not have a CA cert that
> allows it to trust the server.
> The line:
> Loaded root certificate /etc/raddb/certs/cert-clt.pem
> ...looks wrong. It looks as if you've told xsupp that the CA cert is
> the client cert, which it isn't. They're different things.
> In FreeRadius, the "eap.conf" file will have:
> eap {
>   tls {
>     certificate_file = /path/to/file.pem
>   }
> }
> ...and if you run (against that file):
> openssl x509 -noout -text -in /path/to/file.pem  |
>  egrep '(Subject|Issuer):'
>'ll get something like:
> Issuer: C=US, O=MyOrg, OU=MyCA, CN=My Certificate Authority
> Subject: C=US, O=MyOrg, OU=MyCA,
> The certificate you supply to the CLIENT as the *CA* must be the
> ISSUER cert - that is, the one with:
> Subject: C=US, O=MyOrg, OU=MyCA, CN=My Certificate Authority
> I would glance at the xsupp documentation to give more advice but the
> crapforge^Wsourceforge docs links appears to lead in a loop. This is
> one reason amongst many others you should seriously consider using
> wpa_supplicant on the clients.
I have a feeling that I've ruined my CA, and I need to re-create my
FreeRadius CA. Now, I've re-examined how to make a CA repeatedly, and
everything says something different. my is located on

Given this is the case, from scratch, what is the best way to create a
"Fresh" CA for FreeRadius. I've tried multiple documents from Ubuntu to
RedHat, (Mandriva doesn't offer any documentation themselves.) So, in
the absense of qualified docs, recommendation?

More information about the Freeradius-Users mailing list