Server certificate and clients (eap-tls) certificate

work vlpl thework.vlpl at
Tue Dec 12 04:26:05 CET 2017

On 12 December 2017 at 08:36, Nathan Ward <lists+freeradius at> wrote:
> <>
> Line 26 onwards:
>   In general, you should use self-signed certificates for 802.1x (EAP)
> authentication.  When you list root CAs from other organisations in
> the "ca_file", you permit them to masquerade as you, to authenticate
> your users, and to issue client certificates for EAP-TLS.

Yes, I am aware of it, and I set `ca_file` variable to point my
self-generated/self-signed CA certificate.
I am asking about `certificate_file` and `private_key_file` variables
which represent radius server, and documentation says not to use
global know CA only for `ca_file` variable.

More information about the Freeradius-Users mailing list