1 This directory contains scripts to create the server certificates.
2 To make a set of default (i.e. test) certificates, simply type:
6 The "openssl" command will be run against the sample configuration
7 files included here, and will make certificates for a certificate
8 authority (i.e. root CA), and a server certificate.
10 The Microsoft "XP Extensions" will be automatically included in the
11 server certificate. Without those extensions Windows clients will
12 refuse to authenticate to FreeRADIUS.
14 When deploying the server in a real environment (i.e. NOT a test
15 environment), perform the following steps in this directory
19 This command removes all of the "test" certificates.
22 MAKING A ROOT CERTIFICATE
27 Edit the "input_password" and "output_password" fields to be the
28 password for the CA certificate.
30 Edit the [certificate_authority] section to have the correct values
31 for your country, state, etc.
35 This step creates the CA certificate.
38 MAKING A SERVER CERTIFICATE
43 Edit the "input_password" and "output_password" fields to be the
44 password for the server certificate.
46 Edit the [server] section to have the correct values for your
47 country, state, etc. Be sure that the commonName field here is
48 different from the commonName for the CA certificate.
52 This step creates the server certificate.
54 If you want to create client certificates, such as for EAP-TLS,
55 perform the following steps.
58 MAKING A CLIENT CERTIFICATE
63 Edit the "input_password" and "output_password" fields to be the
64 password for the client certificate. You will have to give these
65 passwords to the end user who will be using the certificates.
67 Edit the [client] section to have the correct values for your
68 country, state, etc. Be sure that the commonName field here is
69 the User-Name that will be used for logins!
71 $ make clean client.pem
73 The users certificate will be in "commonName.pem",
74 i.e. "user@example.com.pem".
76 To create another client certificate, just repeat the steps for
77 making a client certificate, being sure to enter a different login