certificates

Tomas tomas.radius at googlemail.com
Mon Mar 23 13:13:01 CET 2009


Dear all,
I'd appreciate if somebody could please explain me the meaning of
certificates. I had a look at certs/README, but some things are still
unclear.
As far as I know there are 3 types of certificates on FreeRADIUS:
	* ROOT CA
	* Server
	* Client

What is the purpose of each of them? I know that ROOT CA is required to
allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on
802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does
ROOT CA do? 
What is the purpose of server certificate? How is that linked with
MSCHAP v2? I remember I could not authenticate xp host with users file
without generating certificates first.
And lastly Client certificate, would I need to install this on a client
PC, what do I get with that?

What are the benefits of using certificates? 

Thanks very much for your help.




More information about the Freeradius-Users mailing list