freeradius and certs

2006-06-23 Thread unforgiver

Hi,
If I understand well, I need 9 cert files:

root.pem, root.p12, root.der

cert-clt.pem, cert-clt.p12, cert-clt.der

cert-srv.pem, cert-srv.p12, cert-srv.der

I have demo certs but they expired.

How can I create these 9 certs?
I tried with CA.all and I had multiple errors.
Is there another way?
--
View this message in context: 
http://www.nabble.com/freeradius-and-certs-t1834817.html#a5007516
Sent from the FreeRadius - User forum at Nabble.com.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: freeradius and certs

2006-06-23 Thread Walter Reynolds


Knowing the errors might help, but here is a good web page with 
instructions:


http://www.linuxjournal.com/article/8095



-- Walter Reynolds
   University of Michigan


Re: freeradius and certs

2006-06-23 Thread K. Hoercher

The .pem, .p12 and .der are just typical endings of filenames
containing certs in different 'styles'. FR will use the .pem ones
(default in openssl, I think). Windows in general is more easily
convinced to accept .der.

Assuming you talk about some eap-* usage, FR alone, in most
circumstances, will only need 1 root and 1 server certificate (might
be helpfully named root* and cert-srv*), encoded in PEM format, thus
*.pem.

Whatever you run as supplicant on what OS determines what sort of
client certificate (and eventually root certificate, perhaps in
different encoding than the one above) you need.

So depending on what you're actually trying to achieve, you only need
a subset of the 3x3 matrix you listed.

regards
 K. Hoercher
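
An added example, not part of any post in this thread and not FreeRADIUS's own tooling: one way to build the root and server certificate in PEM with plain `openssl`, then re-encode the same certificates as DER and PKCS#12. Subject names, key size, lifetime and the export password are constructed placeholders, and the serverAuth extension is an assumption about what a Windows supplicant checks; client certificates are left out because they depend on the supplicant.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the thread; subjects,
# key size, lifetime and the export password are constructed placeholders.

# make_eap_certs DIR [P12_PASSWORD]: root CA + server cert as PEM, DER, PKCS#12.
make_eap_certs() (
    dir=$1; pass=${2:-changeit}    # placeholder password, pick your own
    umask 077                      # private keys below are written unencrypted
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. Self-signed root CA: PEM certificate plus PEM private key.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Example/CN=Example Root CA" \
        -keyout root.key -out root.pem || exit 1

    # 2. Server key and certificate request.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example/CN=radius.example.org" \
        -keyout cert-srv.key -out cert-srv.csr || exit 1

    # 3. Sign the request with the root. The serverAuth extended key usage is
    #    an assumption: Windows supplicants check the server cert for it.
    printf 'extendedKeyUsage = serverAuth\n' > srv.ext
    openssl x509 -req -in cert-srv.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -sha256 -days 365 -extfile srv.ext \
        -out cert-srv.pem || exit 1

    # 4. Same certificates, other encodings: DER for import on clients,
    #    PKCS#12 bundling certificate, key and CA chain.
    openssl x509 -in root.pem -outform DER -out root.der || exit 1
    openssl x509 -in cert-srv.pem -outform DER -out cert-srv.der || exit 1
    openssl pkcs12 -export -in cert-srv.pem -inkey cert-srv.key \
        -certfile root.pem -passout "pass:$pass" -out cert-srv.p12 || exit 1
)

# cert_fp FILE FORM: SHA-256 fingerprint; equal for PEM and DER of one cert.
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

# Run as: sh make-certs.sh ./certs   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    make_eap_certs "$@"
fi
```

Matching fingerprints from `cert_fp cert-srv.pem PEM` and `cert_fp cert-srv.der DER` confirm that the two files hold the same certificate in different encodings.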