Matt Langthorpe <matt.langtho...@pmb.ox.ac.uk> wrote:
>
> Having a bit of trouble following the official freeradius wiki when it 
> comes to certificates.  Basically I have my own certificate which I 
> want to use.  I have a ***.crt file which was sent by my issuer, and a 
> private.pem file which was created when I made my CSR request using 
> openssl.
>
----
alex@chipmunk:~$ unzip 10133697.zip
Archive:  10133697.zip
 extracting: 10133697.ca-bundle
 extracting: 10133697.crt

alex@chipmunk:~$ cat 10133697.crt 10133697.ca-bundle > server.pem
----

The infernal folks at Comodo seemed to have changed their process 
recently so that you get the bundle, the old style approach was:
----
$ cat 10133697.crt TERENASSLCA.crt UTNAddTrustServer_CA.crt 
AddTrustExternalCARoot.crt > server.pem
----

Now in your 'eap.conf' file use the following and you should be set:
----
private_key_password = secret
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem
---- 

FYI, if you have to do a similar thing with Apache, you want:
----
SSLEngine               on
SSLCertificateFile      /etc/apache2/certs/example/10133697.crt
SSLCertificateKeyFile   /etc/apache2/certs/example/privkey.pem
SSLCertificateChainFile /etc/apache2/certs/example/10133697.ca-bundle
----

> I have uploaded the two files into my raddb/certs folder, but am 
> unsure as to where to point to them in my eap.conf? I notice none of 
> the cert files listed in eap.conf have a *.crt extension which is a 
> bit confusing.
>
This is UNIX, file extensions are generally meaningless and should be 
ignored.

Cheers

-- 
Alexander Clouter
.sigmonster says: I think the world is run by C students.
                                -- Al McGuire

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to