| 1195 | | During install of freeradius, certificates are probably auto generated see "/etc/freeradius/certs" folder. These are needed for the eduroam idP part to allow locally authentication of the @wleiden.net realm. However these certificates are made with a common/default credentials but they can also be made again/customized by running the ./bootstrap command and editing the *.cnf (ca, client, server)files to fit your institution/identity. See /usr/share/doc/freeradius/examples/certs/. Bootstrap will probably not run for a second time so move/delete all other files excepts these: bootstrap ca.cnf client.cnf README server.cnf xpextensions |
| 1196 | | |
| 1197 | | |
| 1198 | | TODO Which public certificate files needs to be distributed to the users for their supplicants? |
| | 1195 | During install of freeradius, certificates are probably auto generated see "/etc/freeradius/certs" folder. These are needed for the eduroam idP part to allow locally authentication of the @wleiden.net realm. However these certificates are made with a common/default credentials but they can also be made again/customized by running the ./bootstrap command and editing the *.cnf (ca, client, server)files to fit your institution/identity. See /usr/share/doc/freeradius/examples/certs/. Bootstrap will probably not run for a second time so move/delete all other files excepts these: bootstrap ca.cnf client.cnf README server.cnf xpextensions. |
| | 1196 | |
| | 1197 | For editing/customizing the *.cnf files make sure the "server.cnf" and "client.cnf" have a different "commonname" at the end of their files otherwise database TXTDB 2 error. |
| | 1198 | |
| | 1199 | The server.pem file is the one that needs to be distributed/deployed among the eduroam users to correctly setup their supplicants for savely logging in. Also the ca.pem needs to be converted by osx to cer to be used by windows. The pem file we deliver needs to be stripped of bag attributes and PRIVATEKEY? Windows mac use different formats? |
