2008 Server Certificate Authority
Phil Mayers
p.mayers at imperial.ac.uk
Thu Feb 2 17:41:52 CET 2012
On 02/02/2012 04:19 PM, Gilmour, Scott wrote:
> Hi,
> I have a 2008 Server Certificate Authority. I want to use my 2008 Server Certificates with my FreeRadius Server.
> I have been searching online but haven't found anything that fully explains how to accomplish this.
> I know I will need to use openssl to accomplish this. Does anybody know of a good site or even a book that would
> explain how to accomplish this tasks. If somebody can point me in the right direction that would be great.
In brief:
1. Use "openssl genrsa" to generate a key
2. Use "openssl csr" to generate a cert signing request from the key
3. Process the CSR at the cert authority making SURE that the
certificate template you use puts the "magic OIDs" in the cert. See:
http://wiki.freeradius.org/FAQ#PEAP+or+EAP-TLS+Doesn%27t+Work+with+a+Windows+machine
4. Copy the cert back to the radius server; put the locations of the key
and cert/CA files into eap.conf
You may find that steps 1&2 can be accomplished using the Makefile in
raddb/certs e.g
cd /etc/raddb/certs
make server.csr
More information about the Freeradius-Users
mailing list