Problem making certs (Alan DeKok)

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Feb 8 00:09:43 CET 2017


Hi,

> >I'm new to Freeradius and to Linux (Ubuntu Server 16.04) as well.  I've got my first server up and running Freeradius v3 and can >successfully authorize users on my network with a username and password.  Works great and was easy to do.  My AXis ipCCTV cameras >require EAP-TLS and this is where I'm stuck.
> 
> >My clients require a CA Certificate, a Client cert and private key, an EAP identity and Private key password for the EAP >identity.  I'm not exactly sure where all this comes from.

FreeRADIUS provides example scripts that will create a CA, server cert and clients certs. you will want
to modify those scripts for a productioon server (so that eg the realm, name etc are correct) - but most of it wokrs out 
of the box.

for client certs, you will need to look at the client part of those scripts....and ensure that the FreeRADIUS
server is configured correctly for EAP-TLS (check the eap module....or eap.conf for older versions)... 

the typical issue is that if you use your own CA (and intermediates if you go the extra mile), the client
wont know them - so you need to ensure the client has the CA installed... this can be done with 802.1X deployment
tools - commercial ones, free ones..and MDM solutions.


alan


More information about the Freeradius-Users mailing list