Greetings,

On Monday 18 April 2005 11:24, Lasse Baek wrote:
> Hi,
>
> I have a newbie question about getting EAP/TLS to work with FreeRADIUS
> (ver. 1.0.1 running on NetBSD 2.0). My CA is a Windows 2003 Server
> from which I have generated the root certificate. This is either
> represented in cer- or p12-format, which can be transformed to
> pem-format (say CA.pem) with OpenSSL.
>
> My question now is:
> What are the different parts of the EAP/TLS configuration in the
> eap.conf file? I believe the CA.pem file is to be specified in the
> line "CA_file = ${raddbdir}/certs/...", but what are the
> "private_key_file = ${raddbdir}/certs/..." and "certificate_file =
> ${raddbdir}/certs/..." and how are they generated?
>
> Thanks in advance.

To sum up some SSL stuff:

- The server needs a so-called certificate to serve.
- The certificate is separated into two parts: public information and private information. The public information is needed by the client and the private information is not to be disclosed. Anybody having the private & public part is able to attack your network.
- The public part is usually signed by an authority (CA) to assure its correctness.
- private_key_file has the private data, certificate_file has the public data.

Result: Your server can be identified securely, transmissions can be encrypted securely.

Appropriate programs (like openssl) are able to generate new certificates (public & private part). Appropriate CA tools (like openssl) are able to assure their correctness.

Got it?

Keep smiling
yanosz

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
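
The split described in the reply, as an added example that is not part of the original thread: a server key and certificate are generated with the openssl command-line tool, then checked against the CA and against each other before being named in eap.conf. The throwaway "Demo Root CA" stands in for the site's real CA, and the file names and `radius.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example. "Demo Root CA" and radius.example.test are constructed names.

make_demo_certs() {   # $1 = output directory
    d=$1
    mkdir -p "$d" || return 1
    # Throwaway CA standing in for the site's real CA; its certificate is CA_file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/CA.pem" 2>/dev/null || return 1
    # Server key pair plus a signing request carrying only the public part.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The private part stays on the server, readable by its owner only.
    chmod 600 "$d/server.key" || return 1
    # The CA signs the public part; the result is certificate_file.
    openssl x509 -req -in "$d/server.csr" -CA "$d/CA.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/server.pem" 2>/dev/null
}

chains_to_ca() {      # $1 = CA certificate, $2 = server certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

key_matches_cert() {  # $1 = private key, $2 = certificate
    # Both commands print the same public key when the two files belong together.
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Stand-alone run: build the files in a temp directory, check them, and
# print the three eap.conf settings they correspond to.
out=$(mktemp -d) && make_demo_certs "$out" &&
chains_to_ca "$out/CA.pem" "$out/server.pem" &&
key_matches_cert "$out/server.key" "$out/server.pem" &&
printf 'private_key_file = %s\ncertificate_file = %s\nCA_file = %s\n' \
    "$out/server.key" "$out/server.pem" "$out/CA.pem"
```

With a real CA, only the signing request (`server.csr`) is sent to the CA; `chains_to_ca` and `key_matches_cert` can then be run on the returned certificate before FreeRADIUS is restarted.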