Hi All,

I've been searching the archives for a while for some guidance on setting up multiple radius servers using the same CA for use with EAP/TTLS.

I've generated a CA which is distributed to all the clients (i.e. SecureW2). I've got 2 radius servers for redundancy. All NAS devices have two radius servers configured. I'm using the scripts from freeradius 2.0 to generate the certificates according to the instructions in the README. I've set up the ca.cnf and server.cnf (not using eap/tls so I skip clients.cf).

On the primary radius server I generated the certificates by issuing:

    make

Now on the second radius server I just copy the following files:

    /certs/ca.pem
    /certs/ca.key
    /certs/ca.der
    /certs/*.cnf
    /certs/Makefile
    /certs/README
    /certs/xpextensions

and issue:

    make server
    make dh

This seems to have worked. But is this really correct? I'm renewing one radius server and did this procedure again, but now I'm receiving "chain could not be validated" errors in SecureW2. The radius log seems fine, however the EAP communication is not finished, which corresponds with the client stopping communication since it can't validate the certificate.

I'm really getting lost in the SSL jungle. I would really like to understand how this is done right, since it is about security.

Rg,
Arnaud

--
View this message in context: http://old.nabble.com/Multiple-radius-servers-with-the-same-CA-tp28013061p28013061.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
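
A check for the setup described above, as an added example that is not part of the original post or of the FreeRADIUS scripts: verify each server certificate against the CA file the clients trust, and compare CA fingerprints between hosts. The make_ca and make_server helpers, all paths, host names and the throwaway demo CAs are constructed stand-ins; on real servers only check_chain and same_ca would be run against the existing ca.pem and server certificate.

```shell
# check_chain CA_PEM SERVER_PEM: exit 0 if SERVER_PEM validates against CA_PEM
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# same_ca CA_A CA_B: exit 0 if both files hold the identical CA certificate
same_ca() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$a" = "$b" ]
}

# make_ca DIR: constructed stand-in for generating a CA (demo only)
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=Example Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# make_server CA_DIR OUT_DIR CN SERIAL: constructed stand-in for issuing a server cert
make_server() {
    mkdir -p "$2" &&
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=$3" \
        -keyout "$2/server.key" -out "$2/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$2/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -set_serial "$4" -days 30 -out "$2/server.pem" 2>/dev/null
}

# demo: radius1 and radius2 share CA 1; radius3 is issued by CA 2, which has the
# same subject name but a different key, so it must fail against CA 1.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/ca1" && make_server "$d/ca1" "$d/radius1" radius1.example.org 1 &&
    make_server "$d/ca1" "$d/radius2" radius2.example.org 2 &&
    make_ca "$d/ca2" && make_server "$d/ca2" "$d/radius3" radius3.example.org 1 || return 1
    r=""
    for s in radius1 radius2 radius3; do
        if check_chain "$d/ca1/ca.pem" "$d/$s/server.pem"; then r="$r$s=ok "; else r="$r$s=FAIL "; fi
    done
    if same_ca "$d/ca1/ca.pem" "$d/ca2/ca.pem"; then r="${r}ca=same"; else r="${r}ca=differs"; fi
    rm -rf "$d"
    echo "$r"
}

demo
```

The fingerprint comparison matters because two CA certificates with the same subject name look alike in a listing while only one of them matches the copy installed on the clients.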

