> "De Yong, Doug" wrote:
>
> I've been trying to get the EAP-TLS going but I haven't been able to
> figure out what need to so be use for the trusted CA list.
>
> How do I generate this file? I used OpenSSL to generate the keys.
basically, it contains the public key of your CA. in the case of OpenSSL
it's a pem file. The howto (by ken roser) or adam (www.open1x.org)
explain how to generate it in detail.
one remark below though:
> #### KEYS GENERATED FROM THE OPENSSL CERT AUTHORITY
>
> # Sometimes Private key & Certificate are
> located
> # in the same file, then private_key_file &
> certificate_le
> # must contain the same file name.
> certificate_file = /etc/1x/sparcy-cert-srv.pem
>
> # Trusted Root CA list
> # CA_file = /path/filename
> CA_file = /etc/1x/r/CA.pam
> ######## HERE IS THE PROBLEM ABOVE
> ######## RADIUSD LOG SHOWS EAP WON'T INITIALIZE CANT READ TRUSTED CA
> FILE.
> ######## WHERE DOES ONE GET THIS FILE?
the line should probably be:
CA_file = /etc/1x/r/CA.pem
("pem" replaces "pam") i suppose it's a typo.
greetings,
artur
--
Artur Hecker
artur[at]hecker.info
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
