sphaero wrote:
>
> Hi all,
>
> Thanks for these clarifications. So to clear this up I now have one
> machine to generate the certificates. This machine had its CA set up
> according to instructions found in the certs/README distributed with FR 2.
>
> Certificates for a second radius server (radius2) using the same CA are
> generated as follows:
>
> # Certificate request (.csr) and key (.key)
> openssl req -new -out radius2.csr -keyout radius2.key -config ./server.cnf
> # Certificate (.crt)
> openssl ca -batch -keyfile ca.key -cert ca.pem -in radius2.csr -key $PASSWORD_CA -out radius2.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
> # p12
> openssl pkcs12 -export -in radius2.crt -inkey radius2.key -out radius2.p12 -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> # PEM
> openssl pkcs12 -in radius2.p12 -out radius2.pem -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
>
> (Of course the password vars are replaced with the vars in the ca.cnf &
> server.cnf)
>
> I then copy the following files onto this second radius server:
> radius2.pem and ca.pem
>
> Finally I generate a dh file on the second radius server:
> openssl dhparam -out dh 1024
>
> Bump, still doesn't work :(
> I'm still doing something wrong?
>
> Rg,
>
> Arnaud
>
Forget that last sentence. It does work. Was probably something with the
NAS.
But if someone can confirm this procedure so it's safe.
Rg,
Arnaud
--
View this message in context:
http://old.nabble.com/Multiple-radius-servers-with-the-same-CA-tp28013061p28016006.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
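
A way to check the result of the procedure quoted above, as an added example that is not part of the original message: it verifies that a server certificate chains to the shared CA, that the private key matches it, and that the server-auth extended key usage is present. The function names and the throwaway demo PKI are constructed for illustration, and `xpserver_ext` is assumed to set the TLS server-auth EKU (OID 1.3.6.1.5.5.7.3.1).

```shell
#!/bin/sh
# Added example (not from the post): check a server cert issued from a shared CA.

# usage: check_server_cert CA_PEM CERT KEY [KEY_PASSPHRASE]
check_server_cert() {
  ca=$1 crt=$2 key=$3 pass=${4:-}
  # 1. The certificate must chain to the CA that the clients are told to trust.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: $crt does not verify against $ca"; return 1; }
  # 2. The private key must belong to this certificate (compare public keys).
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
  key_pub=$(openssl pkey -in "$key" -pubout -passin "pass:$pass" 2>/dev/null) || key_pub=
  { [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]; } ||
    { echo "FAIL: $key does not match $crt"; return 1; }
  # 3. The server-auth extended key usage must be present in the certificate.
  openssl x509 -in "$crt" -noout -text | grep -q "TLS Web Server Authentication" ||
    { echo "FAIL: $crt lacks the server-auth extended key usage"; return 1; }
  echo "OK: $crt"
}

# Build a throwaway CA and a "radius2" server cert in directory $1.
# Constructed demo data only; unencrypted keys, one-day validity.
make_demo_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    '[xpserver_ext]' 'extendedKeyUsage=1.3.6.1.5.5.7.3.1' > "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=radius2" -keyout "$d/radius2.key" -out "$d/radius2.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/radius2.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions xpserver_ext \
    -out "$d/radius2.crt" 2>/dev/null
}

# Demo run on the constructed material.
demo=$(mktemp -d)
make_demo_pki "$demo" &&
  check_server_cert "$demo/ca.pem" "$demo/radius2.crt" "$demo/radius2.key"
rm -rf "$demo"
```

With the files from the message, `radius2.pem` holds both the certificate and the encrypted key, so it can be given as both CERT and KEY, with the server passphrase as the fourth argument.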