Re: Server Sertificate
Hi,

Can you send me some sample Server.cnf and Client.cnf files. I am facing some problem with the certificates.

Regards
Senthil

On Thu, Jun 2, 2011 at 1:51 AM, Alexander Clouter a...@digriz.org.uk wrote:

> Lubenski, Zeev [GCS] zlube...@lgsinnovations.com wrote:
> > This leads to believe that certificate is not mandatory ?
>
> ...which leads us to wonder why you want to use EAP-TLS?
>
> Probably best to answer:
>
>  * what is it you are trying to do
>  * how are you trying to accomplish it
>  * what are you expecting to happen
>  * what is actually happening
>
> Cheers
>
> --
> Alexander Clouter
> .sigmonster says: You enjoy the company of other people.

--
Adversity always presents opportunity for Introspection
Regards
Senthil

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server Sertificate
senthil kumar wrote:
> Hi,
> Can you send me some sample Server.cnf and Client.cnf files. I am facing some problem with the certificates.

See raddb/certs. This is documented.

Alan DeKok.
Server Sertificate
We use EAP-TLS method, but in the Server Hello message don't want to send the certificate. How can it be disabled
Re: Server Sertificate
On 06/01/2011 08:28 PM, Lubenski, Zeev [GCS] wrote:
> We use EAP-TLS method, but in the Server Hello message don’t want to send the certificate. How can it be disabled

It can't. EAP-TLS requires a server certificate and a client certificate. Neither are optional, and neither can be disabled.
RE: Server Sertificate
Paul

In the RFC 5216 I see:

  The EAP server will then respond with an EAP-Request packet with EAP-Type=EAP-TLS. The data field of this packet will encapsulate one or more TLS records. These will contain a TLS server_hello handshake message, possibly followed by TLS certificate

This leads to believe that certificate is not mandatory ?

Regards
Zeev

-----Original Message-----
From: freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org [mailto:freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Wednesday, June 01, 2011 2:58 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Server Sertificate

On 06/01/2011 08:28 PM, Lubenski, Zeev [GCS] wrote:
> We use EAP-TLS method, but in the Server Hello message don't want to send the certificate. How can it be disabled

It can't. EAP-TLS requires a server certificate and a client certificate. Neither are optional, and neither can be disabled.
Re: Server Sertificate
On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
> Paul
>
> In the RFC 5216 I see:
>
>   The EAP server will then respond with an EAP-Request packet with EAP-Type=EAP-TLS. The data field of this packet will encapsulate one or more TLS records. These will contain a TLS server_hello handshake message, possibly followed by TLS certificate
>
> This leads to believe that certificate is not mandatory ?

If you read just a few lines further on:

  If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet.

That is, a certificate is only optional if you're resuming an earlier session (which must itself have contained a certificate)
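The RFC 5216 rule quoted in the reply above can be checked mechanically on a server flight. The following is an added example, not part of the original thread or of FreeRADIUS: it assumes TLS 1.2 or earlier (handshake visible in cleartext) and that the input is the reassembled TLS data of the EAP-Request with the EAP-TLS header already stripped; the function names and sample flights are constructed for illustration.

```python
import struct

HS_SERVER_HELLO, HS_CERTIFICATE, HS_SERVER_HELLO_DONE = 2, 11, 14
REC_CHANGE_CIPHER_SPEC, REC_HANDSHAKE = 20, 22

def server_flight(tls_data):
    """Return (handshake message types, saw_ccs) for reassembled TLS records."""
    handshake, saw_ccs, pos = b"", False, 0
    while pos + 5 <= len(tls_data):
        rec_type, _version, length = struct.unpack_from("!BHH", tls_data, pos)
        body = tls_data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record")
        pos += 5 + length
        if rec_type == REC_CHANGE_CIPHER_SPEC:
            saw_ccs = True  # records after this are encrypted; stop parsing
            break
        if rec_type == REC_HANDSHAKE:
            handshake += body  # handshake messages may span several records
    types, pos = [], 0
    while pos + 4 <= len(handshake):
        types.append(handshake[pos])
        pos += 4 + int.from_bytes(handshake[pos + 1:pos + 4], "big")
    return types, saw_ccs

def classify(tls_data):
    """Apply the RFC 5216 rule quoted above to one server flight."""
    types, saw_ccs = server_flight(tls_data)
    if not types or types[0] != HS_SERVER_HELLO:
        return "not a server_hello flight"
    if HS_CERTIFICATE in types:
        if types[-1] == HS_SERVER_HELLO_DONE:
            return "full handshake: certificate present"
        return "violation: server_hello_done is not the last message"
    if saw_ccs and types == [HS_SERVER_HELLO]:
        return "resumed session: certificate legitimately omitted"
    return "violation: no certificate and not a resumption"

# Constructed sample flights (dummy bodies, not captured traffic).
def _hs(msg_type, body=b""):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def _rec(rec_type, body):
    return struct.pack("!BHH", rec_type, 0x0301, len(body)) + body

FULL = _rec(22, _hs(2, b"\0" * 38) + _hs(11, b"\0" * 10) + _hs(14))
RESUMED = _rec(22, _hs(2, b"\0" * 38)) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40)
NO_CERT = _rec(22, _hs(2, b"\0" * 38) + _hs(14))
```

`classify(NO_CERT)` reports a violation because the flight carries neither a certificate nor the ChangeCipherSpec that marks an abbreviated (resumed) handshake.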
RE: Server Sertificate
Paul

Thanks a lot

Regards
Zeev

-----Original Message-----
From: freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org [mailto:freeradius-users-bounces+zlubensk=lgsinnovations@lists.freeradius.org] On Behalf Of Phil Mayers
Sent: Wednesday, June 01, 2011 3:15 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Server Sertificate

On 06/01/2011 09:07 PM, Lubenski, Zeev [GCS] wrote:
> Paul
>
> In the RFC 5216 I see:
>
>   The EAP server will then respond with an EAP-Request packet with EAP-Type=EAP-TLS. The data field of this packet will encapsulate one or more TLS records. These will contain a TLS server_hello handshake message, possibly followed by TLS certificate
>
> This leads to believe that certificate is not mandatory ?

If you read just a few lines further on:

  If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet.

That is, a certificate is only optional if you're resuming an earlier session (which must itself have contained a certificate)
Re: Server Sertificate
Lubenski, Zeev [GCS] zlube...@lgsinnovations.com wrote:
> This leads to believe that certificate is not mandatory ?

...which leads us to wonder why you want to use EAP-TLS?

Probably best to answer:

 * what is it you are trying to do
 * how are you trying to accomplish it
 * what are you expecting to happen
 * what is actually happening

Cheers

--
Alexander Clouter
.sigmonster says: You enjoy the company of other people.