(CATOOL) Re: CATool evaluation software downloaded

Mike McCauley mikem at open.com.au
Thu Sep 6 07:03:18 CDT 2007


Hello Sergei,

It is not necessary to use certificates in order to implement just WPA. You 
only need certificates if you are planning to use a TLS-based authentication 
protocol, such as EAP-TLS, EAP-TTLS or PEAP.

If you are using one of these EAP protocols for secure authentication in a 
wireless network, then you need to generate a 'server certificate' for each 
Radius server. In order to do this you will need to create (and sign) a 
Radius server-specific certificate using CATool.

Use the following steps:

1. Log in to CATool.
2. Make sure your CATool user has SIGNER responsibility:
 2a Click on User Administration
 2b Modify user catool
 2c Enable Signer checkbox
 2d Enter your password
 2e Click on Save Changes
 2f Click on 'return to Main Menu'
3. Create a new certificate request:
 3a Click on 'Submit a new request'
 3b Enter information about the certificate. Make sure you set 'Name of Cert
 Holder' to the DNS name of the radius server
 3c Make sure 'Certificate Type' is set to 'EAP-TLS Server'
 3d Click on Submit
 3e When you see the new cert request, click on 'Download Key', save the key 
 to a file. This is the SERVER PRIVATE KEY FILE. It is not password encrypted.
4. Sign the certificate
 4a While still looking at the certificate request page, enter your password
 and click on 'Sign Certificate'
 4b See the new public certificate for the server. In Cert Action at the
 bottom of the page, select Format PEM and click on download. Save the file.
 This is the SERVER CERTIFICATE FILE.
5. Export the root certificate from CATool:
 5a Click on Main Menu
 5b Click on 'View Directory of Certificates'
 5c Find the 'Root certificate' for CATool; it will be shown in italics and
 include the company name. Select download format PEM and click on Download.
 Save this file. This is the ROOT CERTIFICATE.
6. Configure Radiator. In the AuthBy clauses that require TLS server
 certificates:
 6a Set EAPTLS_CAFile to the ROOT CERTIFICATE
 6b Set EAPTLS_CertificateFile to the SERVER CERTIFICATE FILE
 6c Set EAPTLS_CertificateType PEM
 6d Set EAPTLS_PrivateKeyFile to the SERVER PRIVATE KEY FILE


On Thursday 06 September 2007 20:46, Nicola Wassell wrote:
> Hello Sergei
>
> I have passed your question on to our technical support team. To avoid
> delay, please post technical questions directly to the CATool Mailing list
> where they will be attended to promptly:
>
> http://www.open.com.au/mailing.html
>
> Kind regards, Nicola
>
> ________________________________________
> From: Sergei Keler [mailto:skiller at gdc.ru]
> Sent: Thursday, 6 September 2007 5:45 PM
> To: Nicola Wassell
> Subject: Re: CATool evaluation software downloaded
>
> Thanks a lot.
> Can you refer me to some howtos for using catool/radiator for WPA with
> step-by-step instructions and examples?
>
>
> Best regards,
>
> Sergei Keler
> General DataComm
> E-Mail skiller at gdc.ru, Tel. +7(812)325-1085, Fax +7(812)325-1086
>
> On Sep 6, 2007, at 3:19 AM, Nicola Wassell wrote:
>
>
> Hello Sergei
>
> We are pleased to note that you have downloaded the evaluation software of
> CATool certificate authority.
>
> If you need technical assistance, we recommend that you:
>
> - check the online Reference material at
> http://www.open.com.au/catool/documentation.html
>
> - subscribe to the CATool Mailing List where you will receive prompt
> attention from our technical support team and members of the user community
> may also contribute: 
> http://www.open.com.au/mailing.html
>
> I will contact you during the evaluation period however please contact us
> if we can be of assistance while you evaluate the product against your
> selection criteria.
>
> Regards,
>
> Nicola Wassell
> Open System Consultants
> 9 Bulbul Place, Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598 7474 Fax +61 7 5598 7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/catool/
Announcements on catool-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe catool' in the body of the message.
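
The three files produced in steps 3 to 5 can be checked against each other before Radiator is pointed at them in step 6. The following is an added example, not part of the original message and not CATool or Radiator code; the function name `check_radius_eap_files` is hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check the files from steps 3-5 before Radiator loads them.
# Usage: check_radius_eap_files ROOT_PEM SERVER_PEM SERVER_KEY RADIUS_DNS_NAME
check_radius_eap_files() {
    root=$1 cert=$2 key=$3 name=$4 rc=0

    # The server certificate must chain to the exported root (EAPTLS_CAFile).
    if ! openssl verify -CAfile "$root" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert is not signed by $root" >&2; rc=1
    fi

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # The subject CN should be the RADIUS server's DNS name (step 3b).
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null)
    subj=${subj#subject=}; subj=${subj# }
    case ",$subj," in
        *",CN=$name,"*) ;;
        *) echo "FAIL: subject '$subj' has no CN=$name" >&2; rc=1 ;;
    esac

    # The key is not password encrypted, so group/other must have no access.
    mode=$(ls -lLd "$key" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible beyond its owner ($mode)" >&2; rc=1
    fi

    return "$rc"
}

# Run directly when called with the four arguments.
if [ "$#" -eq 4 ]; then
    check_radius_eap_files "$@"
fi
```

The function returns 0 only when all four checks pass, and prints one FAIL line per problem to stderr.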

