-1

I have root and intermediate certificate, and I need to create the certificate which I need to install on RADIUS server. However, I don't have clear idea in my head about this. Here are my questions:

  1. How to create the certificate? Do I first need to create public/private key which then I need to sign with Root or Intermediate certificate?

  2. Would this certificate be the "server certificate"?

  3. Which certificate goes on the RADIUS server?

Quirik
  • 99
  • 2

2 Answers2

1

Not sure how your RADIUS product handles cert request/install in particular, but the general step is

  1. generate CSR (either from RADIUS app itself or from the system it runs on)
  2. submit CSR to CA
  3. CA issue cert
  4. install cert to RADIUS (also install root CA certificate if it's not yet trusted by your RADIUS)

Exact steps should be found in your RADIUS document.

strongline
  • 620
  • 3
  • 10
  • What RADIUS does with such certificate? Is this certificate being sent to the client? – Quirik Nov 07 '22 at 16:20
  • as any other scenario, RADIUS can use a cert for authentication, encryption, and/or signing – strongline Nov 07 '22 at 17:10
  • For example, Passpoint profile for Android includes the X.509 certificate (https://source.android.com/docs/core/connect/wifi-passpoint#file_composition), even if TTLS is used. I know that TTLS doesn't need the client certificate. Therefore, what is the purpose of certificate in such case? – Quirik Nov 07 '22 at 18:04
0

I think the self-signed SSL certificate work in Radius server, you can find multiple reading resources in Google to create the self-signing certificate.

Check this official technical guide.

The SSL Installation Sequence will be as following

  1. Create the SSL Certificate (Self-signed), if you do not aware of the steps, you can get an SSL from trusted SSL Providers (Comodo, Sectigo, CheapSSLWeb, Certera).
  2. Generate the CSR and Private Key Files
  3. Root and Intermediate Certificate will be installed saperately
  4. The Self-Signed Certificate which you have created (also called as Server-Certificate) will go in the Radius.
Eden Allen
  • 1
  • 1