Hi Fernando
2013/7/10 Fernando Hammerli
> Got it now, as you said.
>
> Using the public CA certs on certificate_file (and related private key),
> and included the public CA
> chain on the CA_file (together with my own CA).
>
Yep mostly except that I put the private key not inside certificate_fi
Got it now, as you said.
Using the public CA certs on certificate_file (and related private key),
and included the public CA chain on the CA_file (together with my own
CA). Still needs more testing (in more enviroments), but seems to be
working.
Thanks!
>
> Check the difference of CA_file (conta
Hi Mathieu, thanks for your reply.
It´s not clear to me what exactly has to be done.
So, I´ll place both server certificates inside the certificate_file,
correct? Do I declare it only under the 'tls' section (not on the peap)?
How does FR knows which certificate for each method?
How do I declare
User a deployment tool as then things like CN checks are done
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi, thanks for you reply (extensive to the others),
> Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS)
Hello,
>>> To avoid the need of installing our CA certificate on every Windows
>>> machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
Hi
As a possible hint since your question sounds similar to an issue I had:
I was looking to provide a server-side certificate to my clients from a
public CA
but only allow clients to authenticate via EAP-TLS when presenting a cert
from our
internal CA which avoids the misconfiguration to trust a
Hi,
> Currently we have 1000´s of users self-signed certificates (EAP-TLS),
> and we´re planning to move our main authentication method to PEAP, but
> keeping the certificates in use while valid.
>
> To avoid the need of installing our CA certificate on every Windows
> machine, we´ll buy the serv
On 10 Jul 2013, at 13:38, Alan DeKok wrote:
> Fernando Hammerli wrote:
>> To avoid the need of installing our CA certificate on every Windows
>> machine, we´ll buy the server certificate from a public CA.
>> Can Freeradius allow me to have both methods at the same time, ie, the
>> PEAP with the
Fernando Hammerli wrote:
> To avoid the need of installing our CA certificate on every Windows
> machine, we´ll buy the server certificate from a public CA.
> Can Freeradius allow me to have both methods at the same time, ie, the
> PEAP with the public CA and certificate users with our 'self-signed
Hi,
Currently we have 1000´s of users self-signed certificates (EAP-TLS),
and we´re planning to move our main authentication method to PEAP, but
keeping the certificates in use while valid.
To avoid the need of installing our CA certificate on every Windows
machine, we´ll buy the server certifica
11 matches
Mail list logo
