It seems it is already in PEM (Base-64) encoded format. Copy the text file(s) to blah(s).pem and refer to that in radiusd.conf. Refer to privkey.pem as the private key also in radiusd.conf. The cert chain will give you the root CA cert so refer to it (PEM format) in the Trusted Root CA list section under eap in radiusd.conf.
Quoting Patrick Mowry <[EMAIL PROTECTED]>: > We are using the iPlanet (Netscape) Certificate Manager as our corporate > CA. > I'm trying to set up FreeRadius 0.9.0 compiled against the Stock RedHat 9 > openssl RPMs version 0.9.7a for EAP-TLS. To request a WTLS server > certificate I ran: > > openssl genrsa -out privkey.pem 2048 > openssl req -new -key privkey.pem -outform PKCS#10 -out cert.csr > > and copy/pasted the contents of cert.csr into the PKCS # 10 Request > field on the web site request form. what I received back was a text > file that began: > > Base 64 encoded certificate > > -----BEGIN CERTIFICATE----- > AQIBAARBQ049REhMIEdsb2JhbCBDQSxPVT1TeXN0Z.... > > > I also grabbed the CA Certificate Chain also in Base 64 > encoded format. How do I put these in a format FreeRadius > can use? I assume I have to run the binary output from > base64 through openssl to convert it to .pem format, but I'm > lost after the base64 part ;) > > FreeRadius runs fine if I use the sample certificates available on the web. > I asked on the openssl-users list with no response. So that's why I'm > posting here. > > Thanks for the help, > > -Patrick > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Michael Brown <----------------------------------------------------> mikro network solutions * http://www.mikro-net.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
