Multiple radius servers with the same CA
sphaero
arnaud at sphaero.org
Wed Mar 24 11:21:03 CET 2010
Hi All,
I've been searching the archives for a while on some guidance into setting
up multiple radius servers using the same CA for use with EAP/TTLS.
I've generated a CA which is distributed to all the clients (i.e. SecureW2).
I've got 2 radius servers for redundancy. All NAS devices have two radius
servers configured.
I'm using the scripts from freeradius 2.0 to generate the certificates
according to instructions in the README. I've set up the ca.cnf and
server.cnf (not using eap/tls so I skip clients.cf).
On the primary radius server I generated the certificates by issuing:
make
Now on the second radius server I just copy the following files:
/certs/ca.pem
/certs/ca.key
/certs/ca.der
/certs/*.cnf
/certs/Makefile
/certs/README
/certs/xpextensions
and issue:
make server
make dh
This seems to have worked. But is this really correct?
I'm renewing one radius server and did this procedure again, but now I'm
receiving "chain could not be validated" errors in SecureW2. The radius log
seems fine; however, EAP communication is not finished, which corresponds with
the client stopping communication since it can't validate the certificate.
I'm really getting lost in the SSL jungle. I would really like to understand
how this is done right, since it is about security.
Rg,
Arnaud
--
View this message in context: http://old.nabble.com/Multiple-radius-servers-with-the-same-CA-tp28013061p28013061.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
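A way to check the setup described in the message above, added here as an example; it is not part of the original post and is not the FreeRADIUS certs/Makefile. It shows that server certificates issued from one copied CA key validate against the CA the clients hold, while a certificate issued by a CA regenerated under the same name does not, even though the issuer name matches. All file names, host names and subjects are constructed, and the script says nothing about which case applied on the poster's server.

```shell
#!/bin/sh
# Added example with throwaway keys; names and subjects are constructed,
# and this is not the FreeRADIUS certs/Makefile.

# make_ca DIR: self-signed CA (DIR/ca.key, DIR/ca.pem) with a fixed subject.
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example RADIUS CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# make_server CADIR OUT CN SERIAL: server key and certificate signed by CADIR's CA.
make_server() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial "$4" -days 30 -out "$2.pem" 2>/dev/null
}

# chain_ok CA CERT: true only if CERT verifies against CA.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# names_match CA CERT: true if CERT's issuer name equals CA's subject name.
names_match() {
    [ "$(openssl x509 -noout -subject_hash -in "$1")" = \
      "$(openssl x509 -noout -issuer_hash -in "$2")" ]
}

# report CA CERT: one line per certificate, judged against the clients' CA.
report() {
    names_match "$1" "$2" && n=yes || n=no
    chain_ok "$1" "$2" && c=yes || c=no
    echo "$2: issuer name matches=$n chain validates=$c"
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/orig"                        # CA distributed to the clients
    make_server "$d/orig" "$d/radius1" radius1.example.org 1
    make_server "$d/orig" "$d/radius2" radius2.example.org 2   # copied ca.key
    make_ca "$d/regen"                       # same name, freshly generated key
    make_server "$d/regen" "$d/radius3" radius3.example.org 3
    for s in radius1 radius2 radius3; do report "$d/orig/ca.pem" "$d/$s.pem"; done
    rm -rf "$d"
}
demo
```

On a real server the same two checks are chain_ok and names_match run with the ca.pem that was distributed to the clients and the server certificate the RADIUS server presents.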