Step1: MAKING A CLIENT CERTIFICATE
Client certificates are used by EAP-TLS, and optionally by EAP-TTLS
and PEAP. The following steps outline how to create a client
certificate that is signed by the server certificate created above.
The password for the server certificate must be present in the
"input_password" and "output_password" fields of the server.cnf file.
$ vi client.cnf
Edit the "input_password" and "output_password" fields to be the
password for the client certificate. You will have to give these
passwords to the end user who will be using the certificates.
Edit the [client] section to have the correct values for your
country, state, etc. Be sure that the commonName field here is
the User-Name that will be used for logins!
$ make client.pem
The user's certificate will be in "emailAddress.pem".
To create another client certificate, just repeat the steps for
making a client certificate, being sure to enter a different login
name for "commonName", and a different password.
Step2: IMPORT THE ROOT CA AND CLIENT CERTIFICATE (Fedora 16 as an example):
- Security: WPA & WPA2 Enterprise
- Authentication: TLS
- Identity: commonName
- CA: ca.pem
- Private key: client.p12
- Private key password: "input_password" and "output_password"
Note: ca.pem and client.p12 are generated together when the root CA and the client certificate are created; they are located in /etc/raddb/certs/.
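Before client.p12 and its password are handed to a user, the three things the steps above depend on can be checked in one pass: the file opens with the client.cnf password, the certificate chains to the issuer, and its commonName equals the User-Name. The script below is an added example, not part of the original page or of the FreeRADIUS scripts; check_client_p12 and make_demo are hypothetical names, the demo CA, user names and password are constructed, and ISSUER_PEM is assumed to be a PEM file holding the certificate(s) that signed the client certificate.

```shell
#!/bin/sh
# Added example; check_client_p12 and make_demo are hypothetical names.

# check_client_p12 P12 PASSWORD ISSUER_PEM USER_NAME
# returns 0 = ok, 1 = cannot open PKCS#12, 2 = bad chain, 3 = CN mismatch
check_client_p12() {
    p12=$1; pw=$2; issuer=$3; user=$4
    crt=$(mktemp) || return 4
    # Hand the password over via the environment, not the command line.
    if ! P12_PASS=$pw openssl pkcs12 -in "$p12" -passin env:P12_PASS \
            -nokeys -clcerts -out "$crt" 2>/dev/null; then
        rm -f "$crt"; echo "FAIL: wrong password or damaged PKCS#12"; return 1
    fi
    if ! openssl verify -CAfile "$issuer" "$crt" >/dev/null 2>&1; then
        rm -f "$crt"; echo "FAIL: certificate does not chain to $issuer"; return 2
    fi
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    rm -f "$crt"
    if [ "$cn" != "$user" ]; then
        echo "FAIL: commonName '$cn' is not User-Name '$user'"; return 3
    fi
    echo "OK: $p12 opens, chains to $issuer, commonName=$cn"
}

# make_demo DIR CN PASSWORD: constructed throwaway CA and client, demo only.
make_demo() {
    d=$1
    printf '[req]\nprompt=no\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=Demo CA\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/o.cnf"
    openssl req -x509 -config "$d/o.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -config "$d/o.cnf" -subj "/CN=$2" -newkey rsa:2048 -nodes \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null
    P12_PASS=$3 openssl pkcs12 -export -in "$d/client.crt" \
        -inkey "$d/client.key" -passout env:P12_PASS -out "$d/client.p12"
}

# Constructed demo: the certificate is issued to "alice", so "bob" must fail.
demo=$(mktemp -d) && make_demo "$demo" alice 'constructed-pass'
check_client_p12 "$demo/client.p12" 'constructed-pass' "$demo/ca.pem" alice
check_client_p12 "$demo/client.p12" 'constructed-pass' "$demo/ca.pem" bob || true
rm -rf "$demo"
```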