understanding the process of setting up eap-tls server/client certs

Michael Martinez mwtzzz at gmail.com
Thu Mar 17 16:27:35 CET 2016


I'm working on setting up EAP-TLS so that the client (iPad) can be
issued a client cert and use it to authenticate with Radius. I need
some clarity on the process, particularly the roles of some of the
different files generated and how to use them.

1. in order to generate the root ca, first I edit ca.cnf.
It's straightforward except I don't understand the role of the "input"
password. The "output" password I understand is for the private key -
ca.key.

1.a. after editing ca.cnf, then i run make ca.pem. This uses openssl
to run req to generate a self-signed root ca. Four files are
generated:


-- 
---
Michael Martinez
http://www.michael--martinez.com


More information about the Freeradius-Users mailing list