Freeradius configuration to support EAP-TLS, EAP-TTLS and EAP-PEAP

Jason Wittlin-Cohen jwittlincohen at gmail.com
Thu Dec 11 21:37:59 CET 2008


On Thu, Dec 11, 2008 at 9:16 AM, Attou eric <gouroueric at yahoo.fr> wrote:

> Hi Everybody.
>
> We are having some issues in setting up freeradius to support EAP-TLS,
> EAP-TTLS and EAP-PEAP.
> Our goal is to have our authentication server providing those three
> Auth-Type simultaneously.
> To support EAP-TLS, we generate our CA and certificates via TinyCA.
>
>

You can use TinyCA, but you must add the proper extended key usage. Under
Openssl-Configuration in TinyCA put the OID 1.3.6.1.5.5.7.3.1 for Server
Certificates into Extended Key usage, and 1.3.6.1.5.5.7.3.2 into Client
Certificate Extended Key Usage.

Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081211/5baf4a02/attachment.html>


More information about the Freeradius-Users mailing list