Should the client be sending a certificate to the server? I really want to just do SSL with only Server Side certificates. I thought I set up the server so that it would not compare client certificates in slapd.conf and ldap.conf.
Ron.

Slapd.conf

ssl yes
port 636
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCertificateFile /opt/LocalCA/server_crt.pem
TLSCertificateKeyFile /opt/LocalCA/server_key.pem
TLSCACertificateFile /opt/LocalCA/cacert.pem

Ldap.conf

ssl yes
port 636
ssl start_tls
TLS_REQCERT demand

> -----Original Message-----
> From: Daniel [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 29, 2003 8:17 AM
> To: [EMAIL PROTECTED]
> Subject: Re: FreeRadius + EAP/TLS + Digital Certificates
>
> On Sunday, 29 June 2003 15:47, Alan DeKok wrote:
>
> Then, what do you think, in your opinion, will be the BEST implementation
> for AAA in wireless networks using FreeRadius? The solution described in
> EAPTLS.pdf?
>
> > Daniel <[EMAIL PROTECTED]> wrote:
> > > Well, I have read the EAPTLS.pdf doc, and here is the problem. This
> > > document (linked on FreeRadius.org) describes the procedure to make
> > > digital certificates (OpenSSL) and how to install MANUALLY on each
> > > machine (clients and on freeradius server). Well, here is my question:
> > >
> > > Is it possible with FreeRadius to implement a PKI on my network?
> >
> > No.
> >
> > > I mean, another
> > > Linux machine making certificates and giving them automatically (or when
> > > the clients and the FreeRadius server need it), and not to do it manually
> > > as it is described in the doc. The method of Digital Certificate to do
> > > AAA with FreeRadius is the best, but making it manually is a bit poor.
> >
> > It's also correct.
> >
> > The whole purpose of certificates is to validate identity. Why
> > would you hand out certificates to machines which you haven't
> > validated?
> >
> > It can't be done, and even if it could be done, it would be wrong.
> >
> > The server can hand out *temporary* keys for WEP. LEAP does that.
> > But it does not, and will not, ever hand out identity to clients.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
