Freeradius 3 self signed certificate
Jochen Demmer
jochen.demmer at peakwork.com
Mon Jun 29 10:47:42 CEST 2015
Hi,
I'm trying to setup Freeradius 3.0.4 under CentOS 7 with TTLS-EAP and
MSCHAPv2.
My first tests with using LDAP in the back and the defaultly installed
server certificate were successful.
There won't be any authentication via client certificate. It's all about
the server certificate for the TLS encryption.
There is a self signed certificate which I would like install in the
server. Now I'm somewhat struggling with the server side configuration.
Why do I want these cnf files in the certs directory? Honestly I
expected to just place the certificate/key files there, link them in the
config and be done.
I found some documents in the internet saying that this server
certificate need extended key usage attributes (1.3.6.1.5.5.7.3.1). Is
that right?
The certificate is actually issued from a subCA. What do I have to
consider when installing the cert, key and cacert in the FreeRadius
server? Does the ca certificate need to be concatenated from the rootCA
and also the subCA?
What do I need to consider when it comes to installing the cacert to the
clients (iOS, Android, Windows 7+, Linux, OS X). Does the certificate be
a catted cert from the rootca cert and the subca cert?
I there anything else I need to consider? We're using TinyCA 0.7.5.
Thank you list
--
Peakwork Signature
*Jochen Demmer*
Network Administrator
T: +49-(0)241-4131146-29
jochen.demmer at peakwork.com
peakwork AG | Sonnenweg 15 a | D-52070 Aachen | T: +49-(0)241-4131146-29
| F: +49-(0)241-4131146-17
peakwork AG (Headquarter) | Flinger Str. 36 | D-40213 Düsseldorf | T:
+49-(0)211-91368-500 | F: +49-(0)211-91368-509
Executive board: Ralf Usbeck (chairman) | Markus Pfau | Michael Schmidt
| Dr. Thomas van Kaldenkerken
Chairman of the supervisory board: Markus Voelkel
Company register: Amtsgericht Düsseldorf HRB 71223 | VAT ID.: DE264960677
Peakwork Logo
www.peakwork.com | www.peakwork.de
More information about the Freeradius-Users
mailing list