[RADIATOR] SHA256 certificates for PEAP Authentication

Heikki Vatiainen hvn at open.com.au
Thu Aug 27 12:24:02 CDT 2015


On 08/27/2015 06:19 PM, Mr. Christopher Bland wrote:

> We are currently running Radiator 4.11 on a RedHat Enterprise Linux
> v 6.4 server. I have found a couple of notes relating to newer
> versions of Radiator and SHA2 support. Will we be required to upgrade
> from Radiator 4.11 in order to support SHA2 certificates?

In general, the need to upgrade depends on the OpenSSL/LibreSSL or
whatever the system SSL/TLS library is. Radiator just tells the library
to load the certificates so Radiator does not need to process them directly.

I just gave Radiator 4.11 on CentOS 6.7 a try. Radiator was configured
for PEAP with SHA256/RSA 2048 certificates that come with Radiator 4.14
and 4.15. The client was eapol_test. Everything seemed to work fine.

I think with RHEL 5 there were problems with encrypted secret keys, but
this was related to how the key was encrypted. In fact, there's a change
log entry for the 4.14 release that describes this better. Look for 'PKCS#8'
for more info:
http://www.open.com.au/radiator/history.html

Since CentOS 6.7 works, there's a good chance that RHEL 6.4 works too.
If you download the current Radiator version, you can give 4.11 a try
with the test certs that come with 4.15. If you are changing your
configuration, you may want to see the change log and consider upgrading
to the latest version too.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
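
The reply's point that support depends on the system SSL/TLS library, and that the way a key is encrypted can matter, can be checked on a given host. The script below is an added example, not part of the original message or of Radiator; the function names `cert_sig_alg`, `key_format` and `report` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not Radiator code): inspect a certificate and key with the
# same local OpenSSL that the RADIUS server would ask to load them.

# Print the certificate's signature algorithm as parsed by the local library,
# e.g. sha256WithRSAEncryption. Returns 1 if the library cannot load the file.
cert_sig_alg() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Classify a PEM private key by its header lines. The header shows which
# container the key uses (PKCS#8 or traditional) and whether it is encrypted.
key_format() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo 'PKCS#8 encrypted'
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then
        echo 'PKCS#8 unencrypted'
    elif grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo 'traditional RSA encrypted'
        else
            echo 'traditional RSA unencrypted'
        fi
    else
        echo 'unknown'
    fi
}

# Report the library version, the certificate's signature algorithm and,
# when a second argument is given, the key file's format.
report() {
    openssl version
    alg=$(cert_sig_alg "$1") || { echo "$1: library could not load it"; return 1; }
    echo "$1: $alg"
    if [ -n "${2:-}" ]; then
        echo "$2: $(key_format "$2")"
    fi
    return 0
}

# Run only when file names are given on the command line.
if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

Run it with the certificate file as the first argument and, optionally, the key file as the second.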

