>my radius server though is running on server1 and I think that my >failure is related to the fact that I'm generating the certificates and >signing them with server2. >
Yes. Same CA has to be used for server and client certificates. >So my questions... > >1. Do I set up server1 to be its own CA or do I still use server2 as the >CA? > Both ways can work. >2. If server2 is the CA, do I then generate the request on server1, copy >it to server2 and then sign it on server2? > Or you can copy the CA certificate to server1, generate csr and sign it there. >3. Does anyone see any problems with these methods of generating >certificates ? (openssl on Linux) > You have such stuff in freeradius /certs directory. Feel free to compare. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
