When generating the random file, you can also do:
openssl rand -out /etc/raddb/certs/random 100

Steve


On Aug 9, 2005, at 3:16 PM, [EMAIL PROTECTED] wrote:

From: Kris Benson <[EMAIL PROTECTED]>
Date: August 9, 2005 11:18:10 AM PDT
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Cc: freeradius-users@lists.freeradius.org
Subject: Re: FreeRadius EAP-TLS questions
Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>



FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 9, 2005 at 10:54 -0800 wrote:


Hello,

Two-part question:

1. Is it critical to have certificates, dh and random files in etc/raddb/certs directory for eap-tls to work?

2. Is it ok to generate random file as date > random?



1. Yes, sort of.  You can put it in a different directory if you change the eap.conf entries.


2. No. This is the correct way:


To generate the dh file you can use a function that comes with openssl


openssl dhparam -check -text -5 -out dh 512


This will generate a 512 Diffie-Hellman key named dh.

Move this file to /etc/mycerts/


mv dh /etc/mycerts/.


To generate a random file you will need a short C program using openssl libraries.  Paste this text into a file named 'random.c':

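----8< cut---
#include <stdio.h>
#include <openssl/rand.h>

int main(void) {
    unsigned char buf[100];
    size_t i;

    if (RAND_bytes(buf, sizeof(buf)) != 1) {  /* returns 1 on success */
        /* the usual md5(time+pid) is not implemented; fail instead */
        fprintf(stderr, "RAND_bytes failed\n");
        return 1;
    }
    /* buf is binary, not a NUL-terminated string: print it as hex */
    printf("Random : ");
    for (i = 0; i < sizeof(buf); i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
----8< cut---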


Compile it like this: gcc random.c -o random -lcrypto


It will generate a 32-bit LSB executable named random; try it with ./random.


Move this file to /etc/mycerts/:

mv random /etc/mycerts/.


-kb

--

Kris Benson, CCP, I.S.P.

Technical Analyst, District Projects

School District #57 (Prince George)
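
A quick sanity check for the seed file discussed in this thread, as an added example that is not part of the original messages: the hypothetical shell function `check_seed_file` rejects a file that is shorter than 100 bytes or contains only printable text, which is what `date > random` produces. It is a heuristic and does not measure entropy; the sample files are constructed, with `/dev/urandom` standing in for `openssl rand`.

```shell
#!/bin/sh
# Added example: sanity check for an EAP-TLS "random" seed file.
# Heuristic only: catches short or text-only files; does not measure entropy.

# check_seed_file PATH [MIN_BYTES]
# Returns 0 if PATH looks like binary random data, 1 otherwise.
check_seed_file() {
    seed_path=$1
    seed_min=${2:-100}   # 100 bytes is the size used in this thread

    [ -f "$seed_path" ] || { echo "$seed_path: not a regular file" >&2; return 1; }

    seed_size=$(wc -c < "$seed_path" | tr -d ' ')
    if [ "$seed_size" -lt "$seed_min" ]; then
        echo "$seed_path: only $seed_size bytes, need $seed_min" >&2
        return 1
    fi

    # Count bytes that are neither printable ASCII nor whitespace.
    # Text output (date, hostname, ...) contains none of them.
    seed_bin=$(LC_ALL=C tr -d '[:print:][:space:]' < "$seed_path" | wc -c | tr -d ' ')
    if [ "$seed_bin" -eq 0 ]; then
        echo "$seed_path: contains only printable text" >&2
        return 1
    fi
    return 0
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
LC_ALL=C date > "$demo_dir/from_date"                  # the method asked about
dd if=/dev/urandom of="$demo_dir/from_rng" bs=100 count=1 2>/dev/null
for demo_file in "$demo_dir/from_date" "$demo_dir/from_rng"; do
    if check_seed_file "$demo_file" 2>/dev/null; then
        echo "ok:       $demo_file"
    else
        echo "rejected: $demo_file"
    fi
done
rm -rf "$demo_dir"
```
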




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
