understanding the process of setting up eap-tls server/client certs
Alan DeKok
aland at deployingradius.com
Thu Mar 17 17:00:11 CET 2016
On Mar 17, 2016, at 11:27 AM, Michael Martinez <mwtzzz at gmail.com> wrote:
>
> I'm working on setting up EAP-TLS so that the client (iPad) can be
> issued a client cert and use it to authenticate with Radius. I need
> some clarity on the process, particularly the roles of some of the
> different files generated and how to use them.
Read http://deployingradius.com/
It has detailed instructions for getting EAP working.
> 1. in order to generate the root ca, first I edit ca.cnf.
> It's straightforward except I don't understand the role of the "input"
> password. The "output" password I understand is for the private key -
> ca.key.
Ignore the input password. And this is all documented in the OpenSSL documentation. It's not a FreeRADIUS configuration file.
> 1.a. after editing ca.cnf, then i run make ca.pem. This uses openssl
> to run req to generate a self-signed root ca. Four files are
> generated:
You sent the message too soon.
Go read the instructions on the deployingradius.com site. It explains all of this in excruciating detail.
Alan DeKok.
More information about the Freeradius-Users
mailing list