FreeRadius2 EAP-TLS
-
I am working on getting FreeRadius set up for WPA2 Enterprise. I have followed the instructions here (https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS) and have PEAP working; now I am trying to get EAP-TLS working.
I am pushing my certs to an iPhone via Apple Configurator (when I specify PEAP it works fine). When I specify EAP-TLS and give it the proper certs it does not work.
In the FreeRadius EAP settings I have Choose Cert Manager checked, which should use the Firewall Cert manager (this is where I have created all my certs), and I have selected the proper certs.
When I look at the eap.conf file it looks to me like it is not using the pfSense Cert Manager and the certs I have created and instead is using the FreeRadius certs.
Does anyone know how to get EAP-TLS to use the pfSense certificate manager?
An excerpt from eap.conf:
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server_key.pem
certificate_file = ${certdir}/server_cert.pem
CA_file = ${cadir}/ca_cert.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
fragment_size = 1024
include_length = yes
check_crl = no
CA_path = ${cadir}
and from radiusd.conf:
confdir = ${raddbdir}
-
Looking more closely, it looks like it did copy my certs into this directory, but didn't remove "private_key_password = whatever" from the eap.conf.
I have tried manually commenting that out and will test.
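An added example, not part of the original posts and not pfSense or FreeRADIUS code: a small checker that expands the nested ${...} references from the excerpt above to show which files EAP-TLS is pointed at, and reports whether private_key_password agrees with the key file's encryption state. The raddbdir value and the key contents are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample: the settings quoted in the post. The raddbdir value is a
# placeholder assumption; the post does not show it.
SAMPLE_CONF = """\
raddbdir = /path/to/raddb
confdir = ${raddbdir}
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server_key.pem
certificate_file = ${certdir}/server_cert.pem
CA_file = ${cadir}/ca_cert.pem
"""
# Constructed stand-in for the key file contents (header only, no real key).
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"

ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")
REF = re.compile(r"\$\{(\w+)\}")

def parse(text):
    """Collect 'name = value' lines, ignoring # comments."""
    found = (ASSIGN.match(line.split("#", 1)[0]) for line in text.splitlines())
    return {m.group(1): m.group(2).strip('"') for m in found if m}

def resolve(settings, name, depth=0):
    """Expand nested ${name} references into a final value."""
    if depth > 10:
        raise ValueError("reference loop at " + name)
    return REF.sub(lambda m: resolve(settings, m.group(1), depth + 1), settings[name])

def key_is_encrypted(pem):
    """PKCS#8 encrypted header or the legacy OpenSSL Proc-Type marker."""
    return "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem

def audit(conf_text, key_pem):
    """Return the resolved TLS file paths and a note on the key password."""
    s = parse(conf_text)
    wanted = ("private_key_file", "certificate_file", "CA_file")
    paths = {k: resolve(s, k) for k in wanted if k in s}
    has_pw, enc = bool(s.get("private_key_password")), key_is_encrypted(key_pem)
    if enc and not has_pw:
        note = "key is encrypted but private_key_password is not set"
    elif has_pw and not enc:
        note = "private_key_password is set but the key is not encrypted"
    else:
        note = "private_key_password agrees with the key's encryption state"
    return paths, note

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_KEY))
```

To use it on a real system, pass the eap.conf text with the confdir and raddbdir lines from radiusd.conf prepended, plus the contents of the key file; the resolved certificate_file path is the file to compare against the certificate selected in Cert Manager.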