
GE Multilin 869 - Page 792

A-4 8 SERIES PROTECTIVE RELAY PLATFORM – COMMUNICATIONS GUIDE
SETTING UP A SIMPLE RADIUS SERVER CHAPTER A: RADIUS SERVER AND CERTIFICATES
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Transfer Certificates to Server
Copy the following files,
• server.key
• server.crt
• ca.crt
onto the FreeRADIUS.net server under the directory containing the certificates.
In this example the directory is located under the path:
<Path_to_Radius>\etc\raddb\certs\FreeRADIUS.net\DemoCerts
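A pre-transfer check for the three files listed above, as an added example that is not part of the GE manual: it confirms that server.crt was issued by ca.crt, is not about to expire, and belongs to server.key. The function names and the key and CSR commands inside make_demo_certs are assumptions used to build throwaway test material; only the signing command comes from this page.

```shell
#!/bin/sh
# Added example (not from the GE manual): sanity-check server.key, server.crt
# and ca.crt before copying them into the FreeRADIUS certs directory.

# Print the public key of a certificate / of a private key in PEM form.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout; }

# check_radius_certs DIR: returns 0 only if DIR/server.crt was issued by
# DIR/ca.crt, stays valid for at least one more day, and matches DIR/server.key.
check_radius_certs() {
    dir=$1
    for f in server.key server.crt ca.crt; do
        [ -s "$dir/$f" ] || { echo "missing: $f" >&2; return 1; }
    done
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 \
        || { echo "server.crt does not chain to ca.crt" >&2; return 2; }
    openssl x509 -in "$dir/server.crt" -noout -checkend 86400 >/dev/null \
        || { echo "server.crt expires within 24 hours" >&2; return 3; }
    [ "$(pubkey_of_cert "$dir/server.crt")" = "$(pubkey_of_key "$dir/server.key")" ] \
        || { echo "server.key does not match server.crt" >&2; return 4; }
    return 0
}

# make_demo_certs DIR: constructed test material only. The CA and CSR steps
# are assumptions (they are not shown on this page); the last command is the
# signing command from the page, where -CAkey names the CA private key file.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -days 3650 -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -set_serial 01 -out "$dir/server.crt" 2>/dev/null
}
```

Run check_radius_certs against the folder holding the three files; a non-zero return code identifies which check failed (1 missing file, 2 wrong issuer, 3 expiry, 4 key mismatch).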
Radius Server Configuration
Modify the following .GE and .CONF files to configure the RADIUS server.
RADIUSD.CONF
In the radiusd.conf file, locate the “bind_address” field and set it to your RADIUS server’s IP address.
USERS.CONF
Add the users in the users.conf file.
The file is available under the <Path_to_Radius>\etc\raddb directory.
Adding the following text configures a user “Tester” which has an “Administrator” role.
Tester:
->User-Password == "Testing1!1"
->GE-UR-Role = Administrator
CLIENTS.CONF
Add the clients in the clients.conf file.
The file is available under the <Path_to_Radius>\etc\raddb directory.
Definitions
x509 This term is used to add a digital signature to the certificate.
-req By default, a certificate is expected as input. With this option, a certificate request is expected instead.
-in Specifies the input file from which the certificate is read.
-CA Specifies the CA certificate to be used for signing. When the -CA option is present, x509 behaves like a “mini CA”. The input file is signed by this CA using this option. The issuer name is set to the subject name of the CA and it is digitally signed using the CA’s private key. This option is normally combined with the -req option. Without the -req option, the input is a certificate which must be self-signed.
-CAkey When the -CA option is used to sign a certificate, it uses a serial number specified in a file. This file consists of one line containing an even number of hex digits with the serial number to use. After each use, the serial number is incremented and written out to the file again.
-set_serial Specifies the serial number to use.
-out Specifies the output file to write to.
-days Specifies the number of days the certificate is valid.
