hopefully, you can help me with a couple of things here:
When the 'root' certificate runs out, what should / can I do?
- it looks like I cannot extend its lifetime?
- will a re-creation invalidate the client certificates? Does a distribution of the root.der file have to be "safe"?
Thanks everybody for your advice!
Tom
Artur Hecker wrote:
hi
Thanks to the EAP/TLS Howto, I was able to set up the radius server and get all the authentication I needed going.
Now the script, which creates the root certificate, generates root.pem with a lifetime of 30 days.
After that authentication doesn't work, OK. Last month I recreated everything. That's a pain...
> > - How can I extend them? Reuse them? What's the deal?
no reuse. you have to set another expiration date. take a look at the scripts.
I have the second box, with software up and running.
But again, the certificates: - My first attempt - just copying them - didn't work. OK, just a try.
why? what exactly did you copy and what exactly did you certify?
- Second, since the certs are tied to hostname, I recreated them - guess what...
well, you have to look at what you are doing. are you sure that your certificates are tied to the host address? because mine are not. and i doubt that this is verified anyway. the server simply has a pair of keys and both are signed and one of them (the private) is encrypted. the possession of the decryption key enables the usage.
ciao artur
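
The lifetime and re-creation questions raised in this thread, worked through with the openssl command-line tool as an added example (not part of the original messages and not the howto's scripts). It assumes openssl is installed; the file names, subjects and lifetimes are constructed. It shows that a root reissued with the same key and subject still verifies existing client certificates, while a root re-created with a new key does not.

```shell
#!/bin/sh
# Added example; names, subjects and lifetimes are constructed, not the howto's.
# Keys are left unencrypted (-nodes) only to keep the demo non-interactive.

# make_root DIR DAYS: new key pair plus self-signed root valid for DAYS.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=Example Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
}

# renew_root DIR DAYS: same key and subject, new expiry date.
renew_root() {
    openssl req -x509 -new -key "$1/root.key" -days "$2" \
        -subj "/CN=Example Root CA" -out "$1/root-renewed.pem" 2>/dev/null
}

# issue_client DIR DAYS: client key and certificate signed by DIR/root.key.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
    openssl x509 -req -in "$1/client.csr" -CA "$1/root.pem" \
        -CAkey "$1/root.key" -CAcreateserial -days "$2" \
        -out "$1/client.pem" 2>/dev/null
}

# valid_in_days CERT DAYS: succeeds if CERT is still valid DAYS from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# verifies ROOT CERT: succeeds if CERT chains to ROOT.
verifies() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

d=$(mktemp -d); other=$(mktemp -d)
make_root "$d" 30; issue_client "$d" 365   # 30-day root as in the thread
renew_root "$d" 3650                       # longer lifetime, same key
make_root "$other" 3650                    # re-created root, new key
valid_in_days "$d/root.pem" 31 || echo "original root expires within 31 days"
verifies "$d/root-renewed.pem" "$d/client.pem" && echo "renewed root: client OK"
verifies "$other/root.pem" "$d/client.pem" || echo "new-key root: client rejected"
rm -rf "$d" "$other"
```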