* Steps to enable EAP-TLS
** 1. Generate CA files
$ cd /usr/lib/ssl/misc/ $ su $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
** 2. Generate server side certificate
$ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
** 3. Generate client side certificate
$ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
** 4. Generate 2 required files that TLS needs
$ openssl dhparam -check -text -5 512 -out dh $ dd if=/dev/urandom of=random count=2
** 5. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 6. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
random_file = ${certdir}/random (the output of STEP 4)
** 9. Restart freeradius server
$ sudo /usr/sbin/freeradius -X** 10. Configure Android Device to Test EAP-TLS - $ adb push /usr/lib/ssl/misc/cli_cert.p12 /sdcard/Download (generate in STEP 3) - Goto Settings -> Location & Security -> Install from SD card on android device - Click on cli_cert.p12 file - Enter the password to extract the certificates when prompted
= Building Gecko/Gaia =
