Using an external CA certificate
Alexander Clouter
alex at digriz.org.uk
Tue Mar 1 14:30:29 CET 2011
Matt Langthorpe <matt.langthorpe at pmb.ox.ac.uk> wrote:
>
> Having a bit of trouble following the official freeradius wiki when it
> comes to certificates. Basically I have my own certificate which I
> want to use. I have a ***.crt file which was sent by my issuer, and a
> private.pem file which was created when I made my CSR request using
> openssl.
>
----
alex at chipmunk:~$ unzip 10133697.zip
Archive: 10133697.zip
extracting: 10133697.ca-bundle
extracting: 10133697.crt
alex at chipmunk:~$ cat 10133697.crt 10133697.ca-bundle > server.pem
----
The infernal folks at Comodo seemed to have changed their process
recently so that you get the bundle, the old style approach was:
----
$ cat 10133697.crt TERENASSLCA.crt UTNAddTrustServer_CA.crt AddTrustExternalCARoot.crt > server.pem
----
Now in your 'eap.conf' file use the following and you should be set:
----
private_key_password = secret
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
----
FYI, if you have to do a similar thing with Apache, you want:
----
SSLEngine on
SSLCertificateFile /etc/apache2/certs/example/10133697.crt
SSLCertificateKeyFile /etc/apache2/certs/example/privkey.pem
SSLCertificateChainFile /etc/apache2/certs/example/10133697.ca-bundle
----
> I have uploaded the two files into my raddb/certs folder, but am
> unsure as to where to point to them in my eap.conf? I notice none of
> the cert files listed in eap.conf have a *.crt extension which is a
> bit confusing.
>
This is UNIX, file extensions are generally meaningless and should be
ignored.
Cheers
--
Alexander Clouter
.sigmonster says: I think the world is run by C students.
-- Al McGuire
More information about the Freeradius-Users
mailing list