Testing Certificates

Alan DeKok aland at deployingradius.com
Wed Sep 30 21:21:49 CEST 2015 

On Sep 30, 2015, at 2:54 PM, Lightfoot, Maurice P. <m.p.lightfoot at spartans.nsu.edu> wrote:
>     I have installed and configured the freeradius server v3 on a centOS 7, using the beginners guide.  On the same machine I have created users and a client.  I read Chapter 6.4.1 of the, "The FreeRADIUS Implementation Guide" on Certificate Creation.  I created a Root Certificate, a Server Certificate, and a Client Certificate.  I was trying to test if the certificate worked properly. So I installed JRadiusSimulator to test if the certificate; thus leading me to the below issue:

  The page I pointed you to has explicit instructions for doing these kinds of tests, including how to run a test client.  I have no idea how jradiussimulator works.

>  -Perhaps you could run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list.
> 
>     The GUI for the JRadiusSimulator has a tab to input the path of the certificates created.  I was under the assumption that if I were to put in the wrong path of the certificate, the debugger would send an access-reject.  However the debugger still gave an output of access-accept.

  So... you're not going to actually look at the debug output.  If you had looked at it, you would see WHY it's sending an Access-Accept.

  If you're going to ignore my recommendations, you shouldn't be asking questions.

> 
>> My question is how do I test the certificates created with RADIUS.
> 
>  -http://deployingradius.com/
> 
>     May be a dumb question but do I need to do EAP Authentication?

  Yes, that is a bad question.  If you're trying to use certificates for authentication with RADIUS, that means EAP.  Every single page you read about the subject will say this.

> My professor just wanted me to set up a freeradius server and try to test on the same machine, if you could create a new certificate and delete the default certificate. Then test that the newly created certificates to see if they work.

  Follow the instructions on the web page I pointed you to.  It WILL work.

  If you're not going to follow instructions, then there's no need for you to ask questions here.

  Alan DeKok.

More information about the Freeradius-Users mailing list