cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)
Sergio
sergioyebenes at alumnos.upm.es
Thu Jul 24 21:55:28 CEST 2008
Alan DeKok wrote:
> Phil Mayers wrote:
>
>> Alan - it does look to my untrained eye as if the "client.crt" Makefile
>> target in /etc/raddb/certs is signing the client key with the server
>> key. Is this intentional, or a bug?
>>
>
> It's intentional. It's a perfectly valid use of certificate chains.
>
> The idea is that you have one CA for your organization, and (perhaps)
> multiple RADIUS servers. Each server has its own identity, and can
> issue its own client certs for EAP-TLS. But client certs will work
> across multiple servers, because the servers are signed by the same CA.
>
> Alan DeKok.
Sorry, only one more note. The bootstrap command doesn't make client certs.
You need to execute "make client.pem" to make them.
I also assume that this is normal.
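
The chain discussed in this thread, as an added example that is not part of the original messages and is not the FreeRADIUS certs Makefile: an organization CA signs a RADIUS server certificate, that server's key signs a client certificate, and a verifier that trusts only the organization CA checks the client certificate with and without the issuing server's certificate in the chain. All subject names and file names are hypothetical, and marking the server certificate `CA:TRUE` so that OpenSSL accepts it as an issuer is an assumption of this demo.

```shell
#!/bin/sh
# Constructed demo: org CA -> RADIUS server cert -> client cert issued by that server.
# Names are hypothetical; requires the openssl CLI (1.1.0 or later for verify exit codes).
chain_demo() (
  set -eu
  dir=$(mktemp -d); cd "$dir"
  cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[issuer]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  newreq() {  # newreq <name> <CN>: generate a key and a CSR
    openssl req -new -newkey rsa:2048 -nodes -config x.cnf -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.csr" 2>/dev/null
  }
  sign() {    # sign <name> <issuer> <extension section>
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
      -extfile x.cnf -extensions "$3" -days 1 -out "$1.pem" 2>/dev/null
  }
  # Self-signed organization CA.
  openssl req -x509 -newkey rsa:2048 -nodes -config x.cnf -extensions issuer \
    -subj "/CN=Example Org CA" -days 1 -keyout ca.key -out ca.pem 2>/dev/null
  # Server certificate signed by the CA (assumption: allowed to issue, CA:TRUE).
  newreq radius1 "radius1.example.org"; sign radius1 ca issuer
  # Client certificate signed with the server's key, not the CA's key.
  newreq client "user@example.org";     sign client radius1 leaf
  # A verifier that trusts only ca.pem, given the issuing server cert as chain material.
  if openssl verify -CAfile ca.pem -untrusted radius1.pem client.pem >/dev/null 2>&1
  then with=OK; else with=FAIL; fi
  # Same verifier, but the issuing server cert is not supplied: the path cannot be built.
  if openssl verify -CAfile ca.pem client.pem >/dev/null 2>&1
  then without=OK; else without=FAIL; fi
  cd /; rm -rf "$dir"
  echo "with_issuer=$with without_issuer=$without"
)
chain_demo
```

The second result shows the operational consequence: a server other than the issuer can validate the client only if the issuing server's certificate is available to it, either sent by the client or held locally.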