Server certificate and clients (eap-tls) certificate
thework.vlpl at gmail.com
Tue Dec 12 04:26:05 CET 2017
On 12 December 2017 at 08:36, Nathan Ward <lists+freeradius at daork.net> wrote:
> https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/certs/README <https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/certs/README>
> Line 26 onwards:
> In general, you should use self-signed certificates for 802.1x (EAP)
> authentication. When you list root CAs from other organisations in
> the "ca_file", you permit them to masquerade as you, to authenticate
> your users, and to issue client certificates for EAP-TLS.
Yes, I am aware of it, and I set `ca_file` variable to point my
self-generated/self-signed CA certificate.
I am asking about `certificate_file` and `private_key_file` variables
which represent radius server, and documentation says not to use
global know CA only for `ca_file` variable.
More information about the Freeradius-Users