Evan Vittitow wrote: > I think a large part of my problem is the creation of a Certificate > authority.
Why? See the various 802.1x howto's (pointed to from freeradius.org & the wiki) for how to create certificates for the server. > Its very possible, that said Certificate authority for Radius could > hypothetically be used layer for IPSec. This being the case, what would > the best strategy be for implementing a PKI CA. Should I make one Cert > for every host? One server host and one client Cert for all hosts? > Different CAs for different Services? How will Mandriva's architecture > change affect this? You want one certificate for the RADIUS server. For most RADIUS situations, this is enough. And that certificate shouldn't be used for anything else. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
