self-signed root CA

McNutt, Justin M. McNuttJ at
Thu Jan 26 01:08:34 CET 2012

So I'm getting some pushback in my organization against using a self-signed CA for signing my RADIUS server certs.  To make a long story short, I was asked to find out what other people were doing.

For my own reasons, I'd like to know slightly more than that.  If you AREN'T using a self-signed CA for your RADIUS server, what made you use another CA, and what CA did you use?

And just to be clear, is the concensus still that a self-signed CA is the way to go, assuming that you have a decent way to distribute the CA cert (which we do) to the clients who need to trust it?

I've read /etc/raddb/certs/README and I've done some Googling and everything I find pretty much assumes that you're using a self-signed CA.  The README explains briefly why, but my management wants more assurance than that, so here I am.

Looking forward to your responses, and thanks in advance.


More information about the Freeradius-Users mailing list