certificates

orion meshkruaj at gmail.com
Mon Mar 23 13:22:28 CET 2009


hi,
its all about being authenticated as a known part.
if A knows B as a trusted part and B have issued a certificate for C then A
will trust C.

the server certificate is issued by the CA ( certificate authority. )

the client needs to have the certificate of the CA ( not the server
certificate issued from the CA )

the mschap v2, tls,ttls, are methods of authentication(encryption).

the eap-ttls doesnt requires that the client have a certificate on its
own.so you need the ca certificate and the server certificate.

2009/3/23 Tomas <tomas.radius at googlemail.com>

> Dear all,
> I'd appreciate if somebody could please explain me the meaning of
> certificates. I had a look at certs/README, but some things are still
> unclear.
> As far as I know there are 3 types of certificates on FreeRADIUS:
>        * ROOT CA
>        * Server
>        * Client
>
> What is the purpose of each of them? I know that ROOT CA is required to
> allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on
> 802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does
> ROOT CA do?
> What is the purpose of server certificate? How is that linked with
> MSCHAP v2? I remember I could not authenticate xp host with users file
> without generating certificates first.
> And lastly Client certificate, would I need to install this on a client
> PC, what do I get with that?
>
> What are the benefits of using certificates?
>
> Thanks very much for your help.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090323/f6eae8f7/attachment.html>


More information about the Freeradius-Users mailing list