List:       freeradius-users
Subject:    Re: The EAP Saga begins.
From:       Evan Vittitow <evan () terralab ! com>
Date:       2007-01-29 1:23:38
Message-ID: 45BD4C9A.5050909 () terralab ! com


>
> To repeat my previous email - xsupplicant does not have a CA cert that
> allows it to trust the server.
>
> The line:
>
> Loaded root certificate /etc/raddb/certs/cert-clt.pem
>
> ...looks wrong. It looks as if you've told xsupp that the CA cert is
> the client cert, which it isn't. They're different things.
>
> In FreeRadius, the "eap.conf" file will have:
>
> eap {
>   tls {
>     certificate_file = /path/to/file.pem
>   }
> }
>
> ...and if you run (against that file):
>
> openssl x509 -noout -text -in /path/to/file.pem  |
>  egrep '(Subject|Issuer):'
>
> ...you'll get something like:
>
> Issuer: C=US, O=MyOrg, OU=MyCA, CN=My Certificate Authority
> Subject: C=US, O=MyOrg, OU=MyCA, CN=wireless.myorg.com
>
> The certificate you supply to the CLIENT as the *CA* must be the
> ISSUER cert - that is, the one with:
>
> Subject: C=US, O=MyOrg, OU=MyCA, CN=My Certificate Authority
>
> I would glance at the xsupp documentation to give more advice but the
> crapforge^Wsourceforge docs links appear to lead in a loop. This is
> one reason amongst many others you should seriously consider using
> wpa_supplicant on the clients.

I have a feeling that I've ruined my CA, and I need to re-create my
FreeRadius CA. Now, I've re-examined how to make a CA repeatedly, and
everything says something different. My CA.pl is located in
/etc/pki/tls/misc.

Given this is the case, from scratch, what is the best way to create a
"Fresh" CA for FreeRadius? I've tried multiple documents from Ubuntu to
RedHat (Mandriva doesn't offer any documentation themselves). So, in
the absence of qualified docs, recommendation?
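
The Issuer/Subject check described in the quoted reply, as an added example that is not part of the original thread: it builds a throwaway CA plus a server and a client certificate with the openssl CLI, then tests whether a given file can act as the CA for the server certificate. All file names and the `myorg.example` subjects are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed.
# All subjects and file names below are constructed for the demonstration.

# Build a self-signed CA and two certificates issued by it in directory $1.
make_demo_pki() {
    d=$1
    # Self-signed CA: its Subject and Issuer are identical.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=US/O=MyOrg/OU=MyCA/CN=My Certificate Authority" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for name in server client; do
        openssl req -newkey rsa:2048 -nodes \
            -subj "/C=US/O=MyOrg/OU=MyCA/CN=$name.myorg.example" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$name.csr" -days 30 \
            -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
            -out "$d/$name.pem" 2>/dev/null || return 1
    done
}

# Succeeds only if file $1 is usable as the CA certificate for validating $2:
# the Subject of $1 must equal the Issuer of $2, and the signature must verify.
is_ca_for() {
    ca=$1
    cert=$2
    ca_subject=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$ca" |
        sed 's/^subject= *//')
    cert_issuer=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$cert" |
        sed 's/^issuer= *//')
    [ "$ca_subject" = "$cert_issuer" ] || return 1
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
}
```

With the generated files, `is_ca_for ca.pem server.pem` succeeds, while `is_ca_for client.pem server.pem` fails, which is the situation the quoted "Loaded root certificate" line points to.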