FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 9, 2005 at 10:54 -0800 wrote:
>Hello,
>Two part question:
>1. Is it critical to have certificates, dh and random files in
>etc/raddb/certs directory for eap-tls to work.
>2. Is it ok to generate random file as date > random

1. Yes, sort of. You can put it in a different directory if you change the eap.conf entries.

2. No. This is the correct way:

To generate the dh file you can use a function that comes with openssl:

    openssl dhparam -check -text -5 512 -out dh

This will generate a 512 Diffie-Hellman key named dh. Move this file to /etc/mycerts/:

    mv dh /etc/mycerts/.

To generate a random file you will need a short C program using openssl libraries. Paste this text into a file named 'random.c':

----8< cut---
#include <stdio.h>
#include <openssl/rand.h>

int main(void)
{
    unsigned char buf[100];

    /* RAND_bytes() returns 1 on success */
    if (RAND_bytes(buf, sizeof buf) != 1) {
        // the usual md5(time+pid)
    }
    /* buf is binary and not NUL-terminated, so print it as hex, not with %s */
    printf("Random : ");
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
----8< cut---

Compile it like this:

    gcc random.c -o random -lcrypto

It will generate a 32-bit LSB executable named random, try it with ./random. Move this file to /etc/mycerts/:

    mv random /etc/mycerts/.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
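
As an added example (not part of the original post and not FreeRADIUS code): a stand-alone C helper that writes a file of random bytes, as an alternative to the `date > random` idea in the question. It reads the kernel's /dev/urandom rather than calling OpenSSL's RAND_bytes, so it builds without -lcrypto; the helper name write_random_file, the 0600 mode and the refuse-to-overwrite policy are assumptions of this example.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write `len` bytes from the kernel CSPRNG to `path`.
 * Returns 0 on success, -1 on error. Created 0600; never overwrites a file. */
int write_random_file(const char *path, size_t len)
{
    unsigned char buf[256];
    int rc = -1;
    int in = open("/dev/urandom", O_RDONLY);
    if (in < 0)
        return -1;
    int out = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) {
        close(in);
        return -1;
    }
    while (len > 0) {
        size_t want = len < sizeof buf ? len : sizeof buf;
        ssize_t got = read(in, buf, want);
        if (got <= 0)
            goto done;               /* read error or unexpected EOF */
        /* write() can be short as well; loop until the chunk is on disk */
        for (ssize_t off = 0; off < got; ) {
            ssize_t w = write(out, buf + off, (size_t)(got - off));
            if (w <= 0)
                goto done;
            off += w;
        }
        len -= (size_t)got;
    }
    rc = 0;
done:
    close(in);
    if (close(out) != 0)
        rc = -1;
    if (rc != 0)
        unlink(path);                /* do not leave a truncated file behind */
    return rc;
}

int main(void)
{
    /* "random" and 100 bytes mirror the file name and buffer size in the thread */
    return write_random_file("random", 100) == 0 ? 0 : 1;
}
```

Build with `gcc seedfile.c -o seedfile` (file name is an assumption); a second run fails on purpose because the output file already exists.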