Multiple radius servers with the same CA

sphaero arnaud at sphaero.org
Wed Mar 24 16:30:28 CET 2010




sphaero wrote:
> 
> Hi all,
> 
> Thanks for these clarifications. So to clear this up I now have one
> machine to generate the certificates. This machine had its CA set up
> according to instructions found in the certs/README distributed with FR 2.
> 
> Certificates for a second radius server (radius2) using the same CA are
> generated as follows:
> 
> # Certificate request (.csr) and key (.key)
> openssl req -new -out radius2.csr -keyout radius2.key -config ./server.cnf
> # Certificate (.crt)
> openssl ca -batch -keyfile ca.key -cert ca.pem -in radius2.csr \
>   -key $PASSWORD_CA -out radius2.crt -extensions xpserver_ext \
>   -extfile xpextensions -config ./server.cnf
> # p12
> openssl pkcs12 -export -in radius2.crt -inkey radius2.key -out radius2.p12 \
>   -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> # PEM
> openssl pkcs12 -in radius2.p12 -out radius2.pem \
>   -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> 
> (Of course the password vars are replaced with the vars in the ca.cnf &
> server.cnf)
> 
> I then copy the following files onto this second radius server:
> radius2.pem and ca.pem
> 
> Finally I generate a dh file on the second radius server:
> openssl dhparam -out dh 1024
> 
> Bump, still doesn't work :(
> I'm still doing something wrong?
> 
> Rg,
> 
> Arnaud
> 

Forget that last sentence. It does work. Was probably something with the
NAS.
But if someone can confirm this procedure so it's safe.

Rg,

Arnaud
-- 
View this message in context: http://old.nabble.com/Multiple-radius-servers-with-the-same-CA-tp28013061p28016006.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
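
An added example, not part of the original post or of FreeRADIUS: one way to check the output of the procedure above before deploying it, by confirming that the server certificate chains to the shared CA, that the private key matches it, and that it carries the server-authentication EKU (assuming `xpserver_ext` sets OID 1.3.6.1.5.5.7.3.1). The helper names are hypothetical, and the demo PKI is constructed with `openssl x509 -req` rather than `openssl ca` to stay short.

```shell
#!/bin/sh
# Added example: check_server_cert and make_demo_pki are hypothetical helpers.

# check_server_cert CA_PEM SERVER_CRT SERVER_KEY [KEY_PASSWORD]
check_server_cert() {
    ca=$1; crt=$2; key=$3; pass=${4:-}
    # 1. The server certificate must chain to the shared CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt is not signed by $ca"; return 1; }
    # 2. The private key must belong to the certificate (compare public keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -passin "pass:$pass" -pubout 2>/dev/null | openssl sha256)
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not match $crt"; return 2; }
    # 3. The xpserver_ext section is assumed to add the server-auth EKU.
    openssl x509 -in "$crt" -noout -text |
        grep -q "TLS Web Server Authentication" ||
        { echo "FAIL: $crt lacks the server-auth EKU"; return 3; }
    echo "OK: $crt"
}

# Build a throwaway (constructed) CA and two server certificates in directory $1.
# radius2 is signed with the EKU extension; radius3 is signed without it.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[xpserver_ext]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for n in radius2 radius3; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
            -subj "/CN=$n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/radius2.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions xpserver_ext \
        -out "$d/radius2.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/radius3.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/radius3.crt" 2>/dev/null
}
```

On the real files, run `check_server_cert ca.pem radius2.crt radius2.key` with the server key password as the fourth argument.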



