Generate the SSL certs
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Sat Apr 12 22:00:39 CEST 2008
Hi,
recommend that you get eg OReilly book on OpenSSL. with a basic
undertsanding of OpenSSL all of these files and processes
become much more transparent.
> 1. To make a successful EAP/TLS connection I need the following
> certificates:
correct
> 2. And those files are:
with SSL you get various types of files - all of them hold
the same information but show them in different ways. some
platforms need a .pkcs12, others need a .der or a .crt etc
if you read the eap.conf you will clearly see the different
files that FreeRADIUS needs. what you need to give to your clients
depends on the platform involved.
> And then also another file is needed, what does this file do?:
>
> dh
diffie-hellman - http://en.wikipedia.org/wiki/Diffie-Hellman
> And also this, what does this file do?:
>
> Random
random - a squawking bird typed the minutes of the last blood-alien
intrenational chess competition meeting. how random can you get?
its a way of ensuring that the keying material really is random.
for some people a large file of junk is ranom, for others a device
will generate random stuff - either a software device eg /dev/random
or a crpytographic card with a random engine.
alan
More information about the Freeradius-Users
mailing list