Thomas Tsai wrote: > In a windows 802.1x standard implementation, have any of you been able > to successfully implement the certificate check for 802.1x via PF? > > Looks like the digital certificate used for freeradius needs to be > updated to a trusted CA for this to occur. Have any of you had success > creating a CSR process to do this? > > Is the cert used listed under /usr/local/pf/conf/radius/eap.conf? I’m > not sure how to generate this correctly.
Yep. It's a standard apache cert, so generate a csr as you would for an apache server. Put the key (with no passphrase), the certificate, and the CA in the conf/ssl directory. Add the proper filenames to the eap.conf. You'll need to add the CA config as well : private_key_file = %%install_dir%%/conf/ssl/server.key certificate_file = %%install_dir%%/conf/ssl/server.crt CA_file = %%install_dir%%/conf/ssl/CA.crt -- --------------------------- Jason 'XenoPhage' Frisvold [email protected] --------------------------- "Any sufficiently advanced magic is indistinguishable from technology.\" - Niven's Inverse of Clarke's Third Law ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
