[RADIATOR] Thawte Intermediate certificates

Heikki Vatiainen hvn at open.com.au
Wed Feb 16 15:48:37 CST 2011


On 02/16/2011 07:01 PM, Carl Gibbons wrote:

> I was given a file named SSL_CA_Bundle.pem containing intermediate
> certificates necessary for our new Radiator SSL cert from Thawte.
> What to do with these? Our installation is on RHEL5.
> 
> I tried putting them in the .pem file specified by the
> EAPTLS_CertificateFile directive keyword in our config, but that
> didn't work. A colleague suggested they may need to go in
> /etc/pki/tls/certs/ca-bundle.crt, but I don't have the extra
> information about the intermediate certs that I see in that file.

Do this:

EAPTLS_CAFile /path/to/certs/SSL_CA_Bundle.pem
EAPTLS_CertificateType PEM
EAPTLS_CertificateFile /path/to/certs/server-cert.pem
EAPTLS_PrivateKeyFile /path/to/certs/server-key.pem
# If the key is password protected
# EAPTLS_PrivateKeyPassword key-password

The path "/path/to/certs" can be anything. Some people use
/etc/radiator, /etc/radius or /etc/radiator/certs. In many cases it is
the same directory where the Radiator configuration lies.

You mention "Radiator SSL cert from Thawte". This is what goes into
EAPTLS_CertificateFile and the cert's private key goes to
EAPTLS_PrivateKeyFile. The bundle goes into EAPTLS_CAFile.

This should enable Radiator to send the clients its own cert and all
required CA certificates. The bundle can also contain the root CA, but
the intermediates should be enough.

Best regards,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
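
Added example, not part of the original post and not Radiator's own code: a standard-library Python check that the three PEM files match the roles the reply assigns to EAPTLS_CertificateFile, EAPTLS_PrivateKeyFile and EAPTLS_CAFile. The function names are hypothetical, it compares issuer and subject names byte for byte without verifying signatures, and it assumes the reply's layout of exactly one certificate in the certificate file.

```python
import base64, re, sys
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, der, encrypted) for every PEM block in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        enc = "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body
        lines = [l for l in body.splitlines() if ":" not in l]  # drop key headers
        out.append((label, base64.b64decode("".join(lines)), enc))
    return out

def tlv(buf, pos):
    """Parse one DER TLV header at pos; return (tag, value_start, end)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                         # long form: low 7 bits count length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def names(der):
    """Return the raw DER (issuer, subject) Names of an X.509 certificate."""
    _, pos, _ = tlv(der, tlv(der, 0)[1])  # into Certificate, then tbsCertificate
    fields = []
    while len(fields) < 5:               # serial, sigAlg, issuer, validity, subject
        tag, _, end = tlv(der, pos)
        if tag != 0xA0:                  # skip explicit [0] version (absent in v1)
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_layout(cert_pem, key_pem, bundle_pem):
    """Return findings for the three files named in the reply's configuration."""
    certs = [d for l, d, _ in pem_blocks(cert_pem) if l == "CERTIFICATE"]
    keys = [e for l, _, e in pem_blocks(key_pem) if l.endswith("PRIVATE KEY")]
    found = []
    if len(certs) != 1:                  # assumption: server cert only, as in the reply
        found.append("EAPTLS_CertificateFile: %d certificates, want 1" % len(certs))
    if not keys:
        found.append("EAPTLS_PrivateKeyFile: no private key")
    elif keys[0]:
        found.append("EAPTLS_PrivateKeyFile: encrypted, set EAPTLS_PrivateKeyPassword")
    subjects = {names(d)[1] for l, d, _ in pem_blocks(bundle_pem) if l == "CERTIFICATE"}
    if certs and names(certs[0])[0] not in subjects:
        found.append("EAPTLS_CAFile: no subject matches the server cert's issuer")
    return found

if __name__ == "__main__":  # args: server-cert.pem server-key.pem SSL_CA_Bundle.pem
    print("\n".join(check_layout(*(open(p).read() for p in sys.argv[1:4]))) or "no findings")
```

An empty result means the server certificate's issuer name appears as a subject in the bundle; it does not prove the signatures chain.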

