freeradius eap-ttls user/pass + cert
I had been planning to configure freeradius to be able to authenticate users
by username/password from users-file.
1. I followed the readme-file under certs and made the CA, server and client certs.
MARK: README states that one has to delete index.txt and serial files, but
these are needed when creating new certificates, and have to be recreated
prior to generating new certificates!?
2. configured ttls/server cert password in eap.conf and everything worked
fine. Then I read somewhere that username/password authentication alone is
not secure as some information is passed in clear text?!
So I decided to add extra protection by using certificates in addition to
username/password. That's where problems started.
I added "EAP-TLS-Require-Client-Cert = Yes" in the "authorize" section of the
default site in sites-enabled.
Using Fedora 16 as the client, I now had to use a certificate. I added the earlier
created client.pem, but the server fails to authenticate with the message "unknown
ca cert". I also tried to use ca.pem, but with a negative result.
What could the problem be?
I'll gladly post any config-files/logs on request.
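The "unknown CA" failure comes down to one check: the certificate the supplicant presents must chain to the CA that the server's tls section trusts via CA_file. The script below is an added example (not part of the original post or of FreeRADIUS) that reproduces that check with plain openssl, assuming CA_file points at the CA's ca.pem; the CA and client names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: reproduce the chain check that
# FreeRADIUS performs on a client certificate, outside of RADIUS entirely.
# Assumption: the server's eap.conf tls section points CA_file at ca.pem,
# so any client cert must have been signed by exactly that CA.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed CA (constructed test CA; key and cert go to $WORK).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client CA NAME: client cert NAME.pem signed by CA.
issue_client() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -sha256 -days 2 -in "$WORK/$2.csr" \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to_ca CA_PEM CERT_PEM: exit 0 when CERT_PEM validates against CA_PEM,
# the same decision that separates "accept" from an unknown CA alert.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report NAME: human-readable verdict for $WORK/NAME.pem against trusted-ca.
report() {
    if chains_to_ca "$WORK/trusted-ca.pem" "$WORK/$1.pem"; then
        echo "$1: chains to trusted-ca, server would accept it"
    else
        echo "$1: does not chain to trusted-ca, server would reject it (unknown CA)"
    fi
}

make_ca trusted-ca                  # the CA named in CA_file
make_ca other-ca                    # a CA the server does not trust
issue_client trusted-ca good-client
issue_client other-ca stray-client  # signed by the wrong CA
report good-client
report stray-client
```

Run `openssl verify -CAfile /path/to/CA_file client.pem` against the real files to see which of the two cases applies.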