hi, its all about being authenticated as a known part. if A knows B as a trusted part and B have issued a certificate for C then A will trust C.
the server certificate is issued by the CA ( certificate authority. ) the client needs to have the certificate of the CA ( not the server certificate issued from the CA ) the mschap v2, tls,ttls, are methods of authentication(encryption). the eap-ttls doesnt requires that the client have a certificate on its own.so you need the ca certificate and the server certificate. 2009/3/23 Tomas <tomas.rad...@googlemail.com> > Dear all, > I'd appreciate if somebody could please explain me the meaning of > certificates. I had a look at certs/README, but some things are still > unclear. > As far as I know there are 3 types of certificates on FreeRADIUS: > * ROOT CA > * Server > * Client > > What is the purpose of each of them? I know that ROOT CA is required to > allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on > 802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does > ROOT CA do? > What is the purpose of server certificate? How is that linked with > MSCHAP v2? I remember I could not authenticate xp host with users file > without generating certificates first. > And lastly Client certificate, would I need to install this on a client > PC, what do I get with that? > > What are the benefits of using certificates? > > Thanks very much for your help. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html