(CATOOL) Re: CATool evaluation software downloaded
Mike McCauley
mikem at open.com.au
Thu Sep 6 07:03:18 CDT 2007
Hello Sergei,
It is not necessary to use certificates in order to implement just WPA. You
only need certificates if you are planning to use a TLS based authentication
protocol, such as EAP-TLS, EAP-TTLS or PEAP.
If you are using one of these EAP protocols for secure authentication in a
wireless network, then you need to generate a 'server certificate' for each
Radius server. In order to do this you will need to create (and sign) a
Radius server-specific certificate using CATool.
Use the following steps:
1. Log in to CATool.
2. Make sure your CATool user has SIGNER responsibility:
2a Click on User Administration
2b Modify user catool
2c Enable Signer checkbox
2d Enter your password
2e Click on Save Changes
2f Click on 'return to Main Menu'
3. Create a new certificate request:
3a Click on 'Submit a new request'
3b Enter information about the certificate. Make sure you set 'Name of Cert
Holder' to the DNS name of the radius server
3c Make sure 'Certificate Type' is set to 'EAP-TLS Server'
3d Click on Submit
3e When you see the new cert request, click on 'Download Key', save the key
to a file. This is the SERVER PRIVATE KEY FILE. It is not password encrypted.
4. Sign the certificate
4a While still looking at the certificate request page, enter your password
and click on 'Sign Certificate'
4b See the new public certificate for the server. In Cert Action at the
bottom of the page, Select Format PEM and click on download. Save the file.
This is the SERVER CERTIFICATE FILE
5. Export the root certificate from CATool:
5a Click on Main Menu
5b Click on 'View Directory of Certificates'
5c Find the 'Root certificate for CATool', it will be shown in italics and
include the company name. Select download format PEM and click on Download.
Save this file. This is the ROOT CERTIFICATE.
6. Configure Radiator. In the AuthBy clauses that require TLS server
certificates:
6a Set EAPTLS_CAFile to the ROOT CERTIFICATE
6b Set EAPTLS_CertificateFile to the SERVER CERTIFICATE FILE
6c Set EAPTLS_CertificateType PEM
6d Set EAPTLS_PrivateKeyFile to the SERVER PRIVATE KEY FILE
On Thursday 06 September 2007 20:46, Nicola Wassell wrote:
> Hello Sergei
>
> I have passed your question on to our technical support team. To avoid
> delay, please post technical questions directly to the CATool Mailing list
> where they will be attended to promptly:
>
> http://www.open.com.au/mailing.html
>
> Kind regards, Nicola
>
> ________________________________________
> From: Sergei Keler [mailto:skiller at gdc.ru]
> Sent: Thursday, 6 September 2007 5:45 PM
> To: Nicola Wassell
> Subject: Re: CATool evaluation software downloaded
>
> Thanks a lot.
> Can you refer me to some howtos for using catool/radiator for WPA with
> step-by-step instructions and examples?
>
>
> Best regards,
>
> Sergei Keler
> General DataComm
> E-Mail skiller at gdc.ru, Tel. +7(812)325-1085, Fax +7(812)325-1086
>
> On Sep 6, 2007, at 3:19 AM, Nicola Wassell wrote:
>
>
> Hello Sergei
>
> We are pleased to note that you have downloaded the evaluation software of
> CATool certificate authority.
>
> If you need technical assistance, we recommend that you:
>
> - check the online Reference material at
> http://www.open.com.au/catool/documentation.html
>
> - subscribe to the CATool Mailing List where you will receive prompt
> attention from our technical support team and members of the user community
> may also contribute:
> http://www.open.com.au/mailing.html
>
> I will contact you during the evaluation period however please contact us
> if we can be of assistance while you evaluate the product against your
> selection criteria.
>
> Regards,
>
> Nicola Wassell
> Open System Consultants
> 9 Bulbul Place, Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598 7474 Fax +61 7 5598 7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/catool/
Announcements on catool-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe catool' in the body of the message.
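
Added example, not part of the original message or of CATool/Radiator: a shell check that the three PEM files saved in steps 3 to 5 are consistent before they are referenced from the EAPTLS_* parameters in step 6. It assumes the openssl command-line tool is installed and that 'Name of Cert Holder' becomes the certificate's subject CN; the function name and argument order are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): check the three PEM files
# from steps 3-5 before referencing them in Radiator's EAPTLS_* parameters.
# Usage: sh check_eap_tls_files.sh ROOT_CERT SERVER_CERT SERVER_KEY DNS_NAME
# Assumes the openssl command-line tool is installed.
check_eap_tls_files() {
    root=$1 cert=$2 key=$3 name=$4
    failures=0
    fail() { echo "FAIL: $1" >&2; failures=$((failures + 1)); }

    # The server certificate must chain to the exported root (EAPTLS_CAFile).
    openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1 ||
        fail "server certificate does not verify against the root certificate"

    # The key must load without a passphrase (step 3e says it is not
    # password encrypted) and its public half must equal the certificate's.
    if key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null </dev/null); then
        cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
        [ "$key_pub" = "$cert_pub" ] ||
            fail "private key does not match the server certificate"
    else
        fail "private key is unreadable or passphrase protected"
    fi

    # 'Name of Cert Holder' (assumed to be the subject CN) must be the
    # DNS name of the RADIUS server.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$name" ] || fail "certificate CN '$cn' is not '$name'"

    # An unencrypted key must not be accessible to group or other users.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || fail "key file mode allows group/other access"

    [ "$failures" -eq 0 ]
}

if [ "$#" -eq 4 ]; then
    check_eap_tls_files "$@"
fi
```

The function returns non-zero and prints one FAIL line per problem, so it can gate a Radiator restart after a certificate is renewed.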