Generate the SSL certs
Johan Nyman
Johan at mediavisiongroup.se
Sat Apr 12 19:51:27 CEST 2008
Hello again,
Thanks for that information,
Read the "README" in the "/raddb/certs" directory and found some very clear
instructions on how to compile/make the certificates.
Could you help me clarify this, so I have understood correctly:
1. To make a successful EAP/TLS connection I need the following
certificates:
- Root certificate (stored on the radius server as default in the directory
"/raddb/certs")
- Server certificate (stored on the radius server as default in the
directory "/raddb/certs")
- Client certificate (the user connecting to the radius has this certificate
installed on his computer)
2. And those files are:
Root:
ca.cnf
ca.der
ca.key
ca.pem
Client:
client.cnf
client.crt
client.csr
client.key
client.p12
client.pem
Server:
server.cnf
server.crt
server.csr
server.key
server.p12
server.pem
And then also another file is needed, what does this file do?:
dh
And also this, what does this file do?:
Random
Best regards,
Johan Nyman
-----Original Message-----
From: freeradius-users-bounces+johan=mediavisiongroup.se at lists.freeradius.org
[mailto:freeradius-users-bounces+johan=mediavisiongroup.se at lists.freeradius.org]
On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: 12 April 2008 19:06
To: FreeRadius users mailing list
Subject: Re: Generate the SSL certs
Hi,
> Hello all,
>
> There should be a place on the net that hosts official tutorials for
> FreeRadius that are up to date.
>
> Then many problems would disappear.
there are several. the best place is wiki.freeradius.org
> I was about to follow this post to get "EAP/TTLS" to work:
> http://www.felipe-alfaro.org/blog/2005/11/01/wpa-enterprise/
some random page from 2005. useful for FreeRADIUS 0.9
if you get the FreeRADIUS 2.0.3 source code, extract it and look
in the directories, you will find within the raddb/certs
directory a set of useful files... such as bootstrap and Makefile
these 2 will, together, create a set of working 30 day demo certs
for a first time install of the server.
of course, if you read them and modify them and /etc/openssl.conf
(or wherever your SSL configuration is held in your distro)
you can have much much more - eg certs that last for as long as you
want with the descriptions you want.
alan
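
An added example, not part of the original thread or of FreeRADIUS's own scripts: a shell check over the three PEM files named in the message (ca.pem, server.pem, client.pem) that confirms each one chains to the root and flags certificates close to expiry, such as the 30 day demo set. The directory argument, the function names and the default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeRADIUS): audit the EAP-TLS
# certificate set named in the message. Assumes ca.pem, server.pem and
# client.pem sit in one directory and the openssl CLI is installed.

# cert_status DIR NAME [MIN_DAYS] -> prints missing | untrusted | expiring | ok
cert_status() {
    dir=$1; name=$2; min_days=${3:-30}
    cert="$dir/$name.pem"
    [ -f "$cert" ] || { echo missing; return 0; }
    # The cert must chain to the root stored beside it. An already expired
    # cert also fails here, so "untrusted" covers both cases.
    if ! openssl verify -CAfile "$dir/ca.pem" "$cert" >/dev/null 2>&1; then
        echo untrusted; return 0
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    # With the default of 30 days, a 30 day demo cert is flagged from day one.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
            >/dev/null 2>&1; then
        echo expiring; return 0
    fi
    echo ok
}

# audit_certs DIR [MIN_DAYS] -> one line per file; status 1 if any is not ok
audit_certs() {
    rc=0
    for n in ca server client; do
        s=$(cert_status "$1" "$n" "${2:-30}")
        printf '%-12s %s\n' "$n.pem" "$s"
        [ "$s" = ok ] || rc=1
    done
    return $rc
}

# Run only when a directory is given on the command line, e.g.
#   sh audit-certs.sh /path/to/raddb/certs 30
if [ $# -ge 1 ]; then
    audit_certs "$@"
fi
```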