/certs does not work as-is. See http://bugs.freeradius.org/show_bug.cgi?id=614

I fixed mine by changing the script to sign the client with the CA instead of the server. While there are a number of ways to go about it, this was the most expedient.

There is also an unrelated problem that causes the CA to only last 30 days. See here http://bugs.freeradius.org/show_bug.cgi?id=615

Use /certs with care!

-Ted-

[EMAIL PROTECTED] wrote:
my radius server though is running on server1 and I think that my
failure is related to the fact that I'm generating the certificates and
signing them with server2.


Yes. Same CA has to be used for server and client certificates.

So my questions...

1. Do I set up server1 to be its own CA or do I still use server2 as the
CA?


Both ways can work.

2. If server2 is the CA, do I then generate the request on server1, copy
it to server2 and then sign it on server2?


Or you can copy the CA certificate to server1, generate csr and sign it
there.

3. Does anyone see any problems with these methods of generating
certificates ? (openssl on Linux)


You have such stuff in freeradius /certs directory. Feel free to compare.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



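The point made in this thread, that server and client certificates must chain to the same CA, can be checked with openssl before the certificates go anywhere near the RADIUS server. The script below is an added illustration, not part of the original messages or of the FreeRADIUS /certs scripts; the names Example CA, server1 and client1 and all file names are constructed, and the keys are throwaway ones written to a temporary directory.

```shell
#!/bin/sh
# Added example: builds a throwaway PKI and shows why a client certificate
# signed by the server certificate is rejected. All names are constructed.

make_pki() {
    d=$(mktemp -d) || return 1
    # 1. CA key and self-signed CA certificate (the "server2" role in the thread).
    #    -days is given explicitly: openssl defaults to 30 days when it is omitted.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
    # 2. Key and CSR for the server and the client. Only the CSR has to be
    #    copied to the CA host; the private key stays where it was generated.
    for n in server1 client1; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
    done
    # 3. The CA signs the server CSR.
    openssl x509 -req -in "$d/server1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/server1.pem" >/dev/null 2>&1 || return 1
    # 4a. Correct: the same CA signs the client CSR.
    openssl x509 -req -in "$d/client1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/client_ok.pem" >/dev/null 2>&1 || return 1
    # 4b. Broken: the server certificate signs the client CSR.
    openssl x509 -req -in "$d/client1.csr" -CA "$d/server1.pem" -CAkey "$d/server1.key" \
        -CAcreateserial -days 365 -out "$d/client_bad.pem" >/dev/null 2>&1 || return 1
    echo "$d"
}

# Succeeds only if certificate $2 in directory $1 chains to ca.pem.
# The output is matched instead of the exit status because very old
# openssl releases return 0 from "verify" even when verification fails.
chains_to_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2" 2>/dev/null | grep -q ': OK$'
}

# Demonstration run.
demo_dir=$(make_pki) && for c in server1.pem client_ok.pem client_bad.pem; do
    if chains_to_ca "$demo_dir" "$c"; then
        echo "$c: chains to the CA"
    else
        echo "$c: rejected, issuer is not the CA"
    fi
done
[ -n "$demo_dir" ] && rm -rf "$demo_dir"
```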