certificates confusion
Ted Lum
freeradius.org at tedworld.com
Mon Nov 24 23:36:27 CET 2008
/certs does not work as-is. See
http://bugs.freeradius.org/show_bug.cgi?id=614
I fixed mine by changing the script to sign the client with the CA
instead of the server. While there are a number of ways to go about it,
this was the most expedient.
There is also an unrelated problem that causes the CA to only last 30
days. See here http://bugs.freeradius.org/show_bug.cgi?id=615
Use /certs with care!
-Ted-
tnt at kalik.net wrote:
>> my radius server though is running on server1 and I think that my
>> failure is related to the fact that I'm generating the certificates and
>> signing them with server2.
>>
>>
>
> Yes. Same CA has to be used for server and client certificates.
>
>
>> So my questions...
>>
>> 1. Do I set up server1 to be its own CA or do I still use server2 as the
>> CA?
>>
>>
>
> Both ways can work.
>
>
>> 2. If server2 is the CA, do I then generate the request on server1, copy
>> it to server2 and then sign it on server2?
>>
>>
>
> Or you can copy the CA certificate to server1, generate csr and sign it
> there.
>
>
>> 3. Does anyone see any problems with these methods of generating
>> certificates ? (openssl on Linux)
>>
>>
>
> You have such stuff in freeradius /certs directory. Feel free to compare.
>
> Ivan Kalik
> Kalik Informatika ISP
More information about the Freeradius-Users
mailing list
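An added example, not part of the original thread and not the FreeRADIUS /certs scripts: it walks through the workflow discussed above with openssl (keys and CSRs generated for the RADIUS host, both CSRs signed by the same CA), and contrasts it with a client certificate signed with the server certificate. All subject names, file names and lifetimes are assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, subject and lifetime here is an assumption.

build_pki() {
    dir=$1
    # CA host ("server2" in the thread): self-signed CA key and certificate.
    # -nodes leaves keys unencrypted so the demo runs non-interactively.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # RADIUS host ("server1"): each key is created next to its CSR.
    for name in server client; do
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/CN=$name.example.test" \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    done
    # Only the CSRs go to the CA host; both are signed by the same CA.
    for name in server client; do
        openssl x509 -req -in "$dir/$name.csr" -days 365 \
            -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
            -out "$dir/$name.pem" 2>/dev/null || return 1
    done
    # Contrast case: the same client CSR signed with the server certificate.
    openssl x509 -req -in "$dir/client.csr" -days 365 \
        -CA "$dir/server.pem" -CAkey "$dir/server.key" -CAcreateserial \
        -out "$dir/client-by-server.pem" 2>/dev/null || return 1
}

# Succeeds only if the certificate chains to the CA and nothing else.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2" >/dev/null 2>&1
}

demo=$(mktemp -d)
build_pki "$demo"
for c in server.pem client.pem client-by-server.pem; do
    if chains_to_ca "$demo" "$c"; then
        echo "$c: chains to the CA"
    else
        echo "$c: rejected (issuer is not the CA)"
    fi
done
rm -rf "$demo"
```

Running `chains_to_ca` against freshly generated certificates before deploying them shows whether the server and client certificates share an issuer.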