hi alan


  Yes.  See the tls{} configuration.  It points to a server
certificate.  The client certificates are signed with this certificate.

well, theoretically, it needs a signing capacity (represented by an included extension) to do this. anyway, in my config the client certificates are _not_ signed by this one, they are - of course - signed by the private key of the CA... as ANY certificate ever issued.


so, if you say you sign them by the server certificate, for me it means that either root.pem and server.pem are the same files OR - more generally - that a CA has signed a server a "special" certificate permitting it to sign other certificates - which is actually quite unusual but possible. so, i'm trying to understand what it is and what would it provide...


Independently of the user & password existing in a database.

  If you don't list usernames and passwords in a database, then the
server has no way of authenticating users... unless you use
certificates.

now i don't get it. what does the password have to do with that? we speak about certificates, why would i configure a password?


i begin to think that we are terribly misunderstanding each other :-)


ciao artur

--
Artur Hecker
artur[at]hecker.info


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
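
Added example, not part of the original message and not FreeRADIUS code: a shell sketch using the openssl CLI that builds a throwaway PKI to show the distinction discussed in the thread. A client certificate signed with the CA key verifies against root.pem, while one signed with the key of a server.pem that carries CA:FALSE is rejected at verification time. All subjects, the temp directory and the file names other than root.pem and server.pem are constructed for the demo.

```sh
#!/bin/sh
# Constructed demo PKI: every subject name and key here is made up and short-lived.
set -eu
WORK=$(mktemp -d)

cat > "$WORK/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
EOF

# new_key_and_csr NAME: fresh RSA key plus a CSR with a constructed CN
new_key_and_csr() {
  openssl req -new -config "$WORK/ext.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "/CN=constructed-$1" 2>/dev/null
}

# issue ISSUER SUBJECT OUT: sign SUBJECT's CSR with ISSUER's key, as a leaf certificate.
# openssl x509 does not check that ISSUER may sign certificates; verifiers do.
issue() {
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -extfile "$WORK/ext.cnf" -extensions leaf_ext \
    -days 1 -out "$WORK/$3.pem" 2>/dev/null
}

build_pki() {
  openssl req -x509 -config "$WORK/ext.cnf" -extensions ca_ext -newkey rsa:2048 \
    -nodes -keyout "$WORK/root.key" -out "$WORK/root.pem" \
    -subj "/CN=constructed-root" -days 1 2>/dev/null
  new_key_and_csr server; issue root server server
  new_key_and_csr client
  issue root client client_by_root        # the usual case: signed with the CA key
  issue server client client_by_server    # signed with the server certificate's key
}

# verify_client CERT: trust only root.pem, offer server.pem as a possible intermediate
verify_client() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/server.pem" \
    "$WORK/$1.pem" >/dev/null 2>&1
}

build_pki
verify_client client_by_root   && echo "client signed by CA key: accepted"
verify_client client_by_server || echo "client signed by server key (CA:FALSE): rejected"
```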
