<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >Obtaining Certificates</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="802.1X Port-Based Authentication HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Introduction" HREF="intro.html"><LINK REL="NEXT" TITLE="Authentication Server: Setting up FreeRADIUS" HREF="freeradius.html"></HEAD ><BODY CLASS="sect1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >802.1X Port-Based Authentication HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="intro.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="freeradius.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="sect1" ><H1 CLASS="sect1" ><A NAME="cert" ></A >2. Obtaining Certificates</H1 ><DIV CLASS="note" ><P ></P ><TABLE CLASS="note" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P >OpenSSL must be installed to use either EAP-TLS, EAP-TTLS, or PEAP!</P ></TD ></TR ></TABLE ></DIV ><P > When using EAP-TLS, both the Authentication Server and all the Supplicants (clients) need certificates [<A HREF="http://www.ietf.org/rfc/rfc2459.txt" TARGET="_top" >RFC2459</A >] . Using EAP-TTLS or PEAP, only the Authentication Server requires certificates; Supplicant certificates are optional. </P ><P > You get certificates from the local certificate authority (CA). If there is no local CA available, <SPAN CLASS="application" >OpenSSL</SPAN > may be used to generate self-signed certificates. </P ><P > Included with the <SPAN CLASS="application" >FreeRADIUS</SPAN > source are some helper scripts to generate self-signed certificates. The scripts are located under the <TT CLASS="filename" >scripts/</TT > folder included with the <SPAN CLASS="application" >FreeRADIUS</SPAN > source: </P ><P > <TT CLASS="filename" >CA.all</TT > is a shell script that generates certificates based on some questions it ask. <TT CLASS="filename" >CA.certs</TT > generates certificates non-interactively based on pre-defined information at the start of the script. </P ><DIV CLASS="note" ><P ></P ><TABLE CLASS="note" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P > The scripts uses a Perl script called <TT CLASS="filename" >CA.pl</TT >, included with OpenSSL. The path to this Perl script in <TT CLASS="filename" >CA.all</TT > and <TT CLASS="filename" >CA.certs</TT > may need to be changed to make it work. </P ></TD ></TR ></TABLE ></DIV ><DIV CLASS="tip" ><P ></P ><TABLE CLASS="tip" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/tip.gif" HSPACE="5" ALT="Tip"></TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P > More information on how to generate your own certificates can be found in the <A HREF="http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/" TARGET="_top" >SSL certificates HOWTO</A >. </P ></TD ></TR ></TABLE ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="intro.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="freeradius.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Introduction</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Authentication Server: Setting up FreeRADIUS</TD ></TR ></TABLE ></DIV ></BODY ></HTML >