Evan Vittitow wrote: > I'm having an issue telling my server certificate from my client > certificate: > > Issues: Which of these is the client certificate, and which of these is > the server cert. > > in eap.conf > > private_key_file = ${raddbdir}/certs/cakey.pem > certificate_file = ${raddbdir}/certs/cacert.crt > CA_file = ${raddbdir}/certs/cacert.pem
"certificate_file" is the server certificate file. "private_key_file" is the key for that certificate. "CA_file" is the file containing the CA cert which FreeRadius will expect CLIENT certs to be signed by. > > In /etc/xsupplicant.conf > > eap-peap { > random_file = /dev/urandom > root_cert = /etc/raddb/certs/cacert.crt > chunk_size = 1398 > allow_types = eap_mschapv2 > eap-mschapv2 { > username = > password = > } > eap_tls { > user_key = "/etc/raddb/certs/cacert.crt" > user_key_pass = "" > root_cert = "/etc/raddb/certs/cacert.crt" > root_dir = "/etc/raddb/certs/" > chunk_size = 1398 > random_file = "/dev/random/" > session_resume = yes > } "root_cert" is the file containing the CA cert which signed FreeRadius' "certificate_file" "user_key" is the file containing the user cert, which must be signed by FreeRadius' "CA_file" cert. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html