Re: EAP/TLS with Win2003 CA

Greetings,

Am Montag 18 April 2005 11:24 schrieb Lasse Baek:
> Hi,
>
> I have a newbie question about getting EAP/TLS to work with FreeRADIUS
> (ver. 1.0.1 running on NetBSD 2.0). My CA is a Windows 2003 Server
> from which I have generated the root certificate. This is either
> represented in cer- or p12-format, which can be transformed to
> pem-format (say CA.pem) with OpenSSL.
>
> My question now is:
> What is the different parts of the EAP/TLS configurations in the
> eap.conf file?? I believe the CA.pem file is to be specified in the
> line "CA_file = ${raddbdir}/certs/...", but what is the
> "private_key_file = ${raddbdir}/certs/..." and "certificate_file =
> ${raddbdir}/certs/..." and how are they generated??
>
> Thanks in advance.

To sum up some SSL-stuff:
- Server needs so called certificate to serve.
- certificate is seperated in two parts: Public information and private
information. Public information is needed by the client and private
informationen is disclosure. Anybody having the private & public part is able
to attack your network.
- The public part is usually signed by a authority CA to assure it's
correctness.
- private_key_file has private, certifcate_file has public data.

Result: Your sever can be identified securely, transmissions can be encrypted
securely.

Apropiate programs (like openssl) are able to generate an new certificates
(public & private part).
Apropiate CA tools (like openssl) are able to assure it's correctness.

Got it?

Keep smiling
yanosz


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html