Possible certificatre problem

Henrik Kressner kressner at synkro.dk
Sat Jul 2 16:47:10 CEST 2016 

On 02-07-2016 15:59, Alan DeKok wrote:
>> On Jul 2, 2016, at 9:27 AM, Henrik Kressner <kressner at synkro.dk> wrote:
>> By the windows machine, what do you mean ?
>    You said:
>
>>> Trying to connnect from a win 7, as described, via a hostapd based AP/NAS,
>    I mean *that* windows machine.
>
>    What other windows machine would there be?
>
>> Its unclear in the howto if the windows machine act as a AP/NAS og as af station on the WLAN.
>    From the earlier quote, you're clear that the Windows machine is trying to connect, and that you have a separate AP.
>
>    Now, you claim that you're not sure wether or not the Windows machine is acting as an AP.
>
>    It's not complicated.  You're making it complicated.
>
>    Why?
>
>> I have copyed ca.der to the AP/NAS (running on a RPI) and i have configured with this line in hostapd.conf file:
>    <sigh>
>
>    You said you had a Windows machine.  I said to copy the CA to the Windows machine.  You copied the CA to the access point running hostap.
>
>    Why are you making this difficult?
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thanks for you comment, but now you are making assumtion.

I did asume that the station was the one that needed a certificat, but 
it did not say so in the howto, so I had to ask.

And by the way, the howto say it is NOT needed to make a client 
certificate, so I should not asume there is a client, even though make 
is trying to make af client certificate, and ends up with an error, if 
you dont configure it.

And again, a client in radius enviroment MUST BE a NAS, so howto is not 
consistent.


Mayby thats why so many peable ask so many silly quistions.


I could be complaining about the bad documentation, theres no need for 
that, it's bad, the hole net knows it, so let us try to do something 
about it.

I would happely help making documentation for freeradius, I am wery good 
at that, but before I can do that, i need to find out how it work.



Anyway.

To me it looks like there is a need for certificate at the station, this 
means that self signed certificat is not usable in a production enviroment.


Therefore I will conclude you ned a comersially certificate, if using 
freeradius in af production enviroment. It would be nice if that was 
there somewhere in the documentation, so you know that before you start.


Then a quistion: Will freeradius work with letsencrypt certificate, has 
anybody tryed?


Please correct me if my conclution is wrong.


-- 

-------------------------------------------
Med venlig hilsen / Yours Sincerly
Henrik Kressner

More information about the Freeradius-Users mailing list