certificates

orion meshkruaj at gmail.com
Mon Mar 23 13:24:13 CET 2009


an overview you can read is located at
http://wildbill.nulldevice.net/presentations/sslpreso/

2009/3/23 orion <meshkruaj at gmail.com>

> hi,
> its all about being authenticated as a known part.
> if A knows B as a trusted part and B have issued a certificate for C then A
> will trust C.
>
> the server certificate is issued by the CA ( certificate authority. )
>
> the client needs to have the certificate of the CA ( not the server
> certificate issued from the CA )
>
> the mschap v2, tls,ttls, are methods of authentication(encryption).
>
> the eap-ttls doesnt requires that the client have a certificate on its
> own.so you need the ca certificate and the server certificate.
>
> 2009/3/23 Tomas <tomas.radius at googlemail.com>
>
> Dear all,
>> I'd appreciate if somebody could please explain me the meaning of
>> certificates. I had a look at certs/README, but some things are still
>> unclear.
>> As far as I know there are 3 types of certificates on FreeRADIUS:
>>        * ROOT CA
>>        * Server
>>        * Client
>>
>> What is the purpose of each of them? I know that ROOT CA is required to
>> allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on
>> 802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does
>> ROOT CA do?
>> What is the purpose of server certificate? How is that linked with
>> MSCHAP v2? I remember I could not authenticate xp host with users file
>> without generating certificates first.
>> And lastly Client certificate, would I need to install this on a client
>> PC, what do I get with that?
>>
>> What are the benefits of using certificates?
>>
>> Thanks very much for your help.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090323/f16f510c/attachment.html>


More information about the Freeradius-Users mailing list