Hello Johannes,

In fact you can follow this to create the certificates needed for EAP-TLS:
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_certificate_authority_creation

Once you have created the CA certificate and applied it in the RADIUS section:

```
Once done copy the certificate in the clipboard from the Certificate Authorities list (Configuration → Integration → PKI → Certificate Authorities and click on Copy Certificate) then edit the RADIUS certificate section in Configuration → System Configuration → SSL Certificates → RADIUS → Edit and paste the public key in "Certificate Authority" and Save. (Don’t forget to restart radiusd-auth)

This will authorize the EAP TLS authentications using the PKI issued certificates.
```

Create a certificate template
https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_template_creation
and create a certificate for the end user.

Once you have the pkcs12 file, import it on your device and configure the supplicant to use this certificate to connect to a secure SSID (it could be wired too).

So when you try to connect, you should be able to see the RADIUS authentication in the RADIUS audit log. The next step will be to configure an EAPTLS or Authorize authentication source and assign it to a connection profile where you set the filter to sub_connection_type = EAP_TLS.

Let me know if you are stuck at some point.

Regards
Fabrice

On Wed, 15 Mar 2023 at 07:45, Mudrich, J. via PacketFence-users <packetfence-users@lists.sourceforge.net> wrote:

> Hello again,
>
> I’m trying to configure PF for EAP-TLS authentication. I couldn’t find any
> comprehensive guide or manual so I hope you can help.
>
> I would like to use the internal PKI. That’s what I already set up. Maybe
> someone can walk me through this?
>
> Some wild guesses:
>
> I think I need to set up an Authentication Source (internal -> EAPTLS)?
>
> Are there any changes needed in the RADIUS configuration (System
> Configuration -> Radius)?
>
> What’s with “PKI SSL Certificates”, do I need to add the internal PKI’s CA
> there?
>
> Some additional thoughts: I can already see the devices I’d like to manage
> via EAP-TLS in my nodes list because of their DHCP broadcasts. Will these
> nodes then somehow be connected to the certificates issued by the internal
> PKI?
>
> Thanks and kind regards
>
> Johannes
>
> *Johannes Mudrich*
> Employee
> IT
>
> Altmark-Klinikum gGmbH
> Ernst-von-Bergmann-Straße 22
> 39638 Gardelegen
>
> Tel.: 03907 791229
> Fax.: 03907 791248
> Mail: j.mudr...@altmark-klinikum.de
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
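
A pre-flight check for the pkcs12 step in the reply above, as an added example that is not part of the original messages and is not PacketFence's own tooling: it uses openssl to confirm that the certificate inside the bundle chains to the CA pasted into the RADIUS section and is usable for TLS client authentication. The file names, subjects and the password "demo" are constructed stand-ins (assumptions), and the throwaway CA is generated locally so the check runs offline.

```shell
#!/bin/sh
# Added example (not PacketFence code). File names, subjects and the password
# "demo" are constructed stand-ins for the PKI output described in the reply.

# check_eaptls_bundle CA_PEM P12_FILE P12_PASSWORD
# Status 0 only if the client certificate inside the PKCS#12 file chains to
# CA_PEM and is acceptable for TLS client authentication.
# Status 3 means the bundle could not be opened (wrong password, bad file).
check_eaptls_bundle() (
    tmp=$(mktemp) || exit 3
    # Extract only the end-user certificate: no private key, no CA certs.
    openssl pkcs12 -in "$2" -clcerts -nokeys -passin "pass:$3" \
        -out "$tmp" 2>/dev/null || { rm -f "$tmp"; exit 3; }
    openssl verify -purpose sslclient -CAfile "$1" "$tmp" >/dev/null 2>&1 \
        && rc=0 || rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# make_demo_pki DIR
# Builds constructed test material in DIR: ca.pem (the CA the bundle is issued
# from), other.pem (an unrelated CA) and user.p12 (end-user bundle).
make_demo_pki() (
    cd "$1" || exit 1
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo $ca CA" -keyout "$ca.key" -out "$ca.pem" \
            2>/dev/null || exit 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-user" \
        -keyout user.key -out user.csr 2>/dev/null || exit 1
    printf 'extendedKeyUsage=clientAuth\n' > ext.cnf
    openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -extfile ext.cnf -out user.pem 2>/dev/null || exit 1
    openssl pkcs12 -export -inkey user.key -in user.pem -passout pass:demo \
        -out user.p12 2>/dev/null
)

# Demo run: sh check_bundle.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_demo_pki "$d" &&
        check_eaptls_bundle "$d/ca.pem" "$d/user.p12" demo &&
        echo "bundle verifies against the CA and allows client auth"
    rm -rf "$d"
fi
```

A bundle that fails this check against the CA configured for RADIUS will also be rejected during the EAP-TLS handshake, so it is worth running before looking at the RADIUS audit log.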