Re: generating ssl certs in debian squeeze
did the trick, thanks :D (had been making a silly mistake with one of the cert files) On Sat, Sep 15, 2012 at 3:05 AM, Alan DeKok wrote: > austin wonderly wrote: > > hello, thanks for the tip, although unfortunately im am still getting > > problems > > Google "EAP-TLS freeradius" gets you this link: > > http://freeradius.org/doc/EAPTLS.pdf > > Follow it, and it WILL WORK. > > The Wiki also contains documentation, and points to my web site: > > http://deployingradius.com/documents/configuration/eap.html > > Follow the instructions, and it will work. > > You've missed a step somewhere. eapol_test is providing a client > cert, signed by a CA unknown to FreeRADIUS. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: generating ssl certs in debian squeeze
austin wonderly wrote: > hello, thanks for the tip, although unfortunately im am still getting > problems Google "EAP-TLS freeradius" gets you this link: http://freeradius.org/doc/EAPTLS.pdf Follow it, and it WILL WORK. The Wiki also contains documentation, and points to my web site: http://deployingradius.com/documents/configuration/eap.html Follow the instructions, and it will work. You've missed a step somewhere. eapol_test is providing a client cert, signed by a CA unknown to FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: generating ssl certs in debian squeeze
Hi... as i see log says , "Error: TLS Alert read:fatal:unknown CA" . and you need to specify the certificate Authority in your client when testing. Certifcate authority is a File called "CA.pem" once you added to the client error should go away. And make sure debian sever hostname should be same as "commonName" specified in server.cnf Thank You On 15 September 2012 08:44, austin wonderly wrote: > hello, thanks for the tip, although unfortunately im am still getting > problems :( have included the out of eapol_test right here > http://pastebin.com/8iKsCUfn and also what shows up in the freeradius > logs as well (have included the file names that i currently have in in my > /etc/freeradius/certs directory) http://pastebin.com/MtQDVaWL, would you > guys know of anything that I could do to resolve this? it actually seems > like the same problem that i've been having with the other solutions that I > have tried earlier on (yesterday and today), thanks again for the help too > > > On Fri, Sep 14, 2012 at 9:17 PM, val john wrote: > >> Download the tar.gz file form freeradius , in that file , in folder >> "freeradius-server-xxx/raddb/certs" provide very easy way generate certs >> (./bootstrap) , just copy its its content to the freeradius in debian >> "/etc/freeradius/certs/" >> >> Thank you >> >> >> -- Forwarded message -- >> From: austin wonderly >> Date: 15 September 2012 03:23 >> Subject: generating ssl certs in debian squeeze >> To: freeradius-users@lists.freeradius.org >> >> >> Hello, I was wondering if anyone knew of any tutorials for generating ssl >> certificates for freeradius in debian squeeze? Have been trying to find a >> method that would work over the last few days and have not found a solution >> yet (have probably spent around 6-7 hrs just getting this part to work so >> far), I am trying to setup a radius server to provide eap-ttls >> authentication for a non public network (windows machines, as well linux >> based machines would be on the network), if someone could point me in the >> right direction though or possibly offer some advice I would really >> appreciate it as i've pretty much exhausted my options at this point in >> time. having said that, would there be any downsides to just using the >> "snakeoil" certificates in this type of configuration? thanks >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: generating ssl certs in debian squeeze
hello, thanks for the tip, although unfortunately im am still getting problems :( have included the out of eapol_test right here http://pastebin.com/8iKsCUfn and also what shows up in the freeradius logs as well (have included the file names that i currently have in in my /etc/freeradius/certs directory) http://pastebin.com/MtQDVaWL, would you guys know of anything that I could do to resolve this? it actually seems like the same problem that i've been having with the other solutions that I have tried earlier on (yesterday and today), thanks again for the help too On Fri, Sep 14, 2012 at 9:17 PM, val john wrote: > Download the tar.gz file form freeradius , in that file , in folder > "freeradius-server-xxx/raddb/certs" provide very easy way generate certs > (./bootstrap) , just copy its its content to the freeradius in debian > "/etc/freeradius/certs/" > > Thank you > > > -- Forwarded message -- > From: austin wonderly > Date: 15 September 2012 03:23 > Subject: generating ssl certs in debian squeeze > To: freeradius-users@lists.freeradius.org > > > Hello, I was wondering if anyone knew of any tutorials for generating ssl > certificates for freeradius in debian squeeze? Have been trying to find a > method that would work over the last few days and have not found a solution > yet (have probably spent around 6-7 hrs just getting this part to work so > far), I am trying to setup a radius server to provide eap-ttls > authentication for a non public network (windows machines, as well linux > based machines would be on the network), if someone could point me in the > right direction though or possibly offer some advice I would really > appreciate it as i've pretty much exhausted my options at this point in > time. having said that, would there be any downsides to just using the > "snakeoil" certificates in this type of configuration? thanks > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: generating ssl certs in debian squeeze
Download the tar.gz file form freeradius , in that file , in folder "freeradius-server-xxx/raddb/certs" provide very easy way generate certs (./bootstrap) , just copy its its content to the freeradius in debian "/etc/freeradius/certs/" Thank you -- Forwarded message -- From: austin wonderly Date: 15 September 2012 03:23 Subject: generating ssl certs in debian squeeze To: freeradius-users@lists.freeradius.org Hello, I was wondering if anyone knew of any tutorials for generating ssl certificates for freeradius in debian squeeze? Have been trying to find a method that would work over the last few days and have not found a solution yet (have probably spent around 6-7 hrs just getting this part to work so far), I am trying to setup a radius server to provide eap-ttls authentication for a non public network (windows machines, as well linux based machines would be on the network), if someone could point me in the right direction though or possibly offer some advice I would really appreciate it as i've pretty much exhausted my options at this point in time. having said that, would there be any downsides to just using the "snakeoil" certificates in this type of configuration? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html