It does not allow me to configure
- Radsec Trusted CA Name
and
- Radsec Server Cert Name
(Hope I got you correct)
If I try to, it throws the message:
radsec-trusted-ca-cert-name is configured. Please unconfigure with "no radsec-trusted-ca-cert-name" and then configure "radsec-trusted-server-cert-name"
If I configure:
- the CA's certificate (uploaded as Trusted CA) friendly name as Radsec Trusted CA Name
OR
- the Radsec proxy's certificate (uploaded as public cert) friendly name as Radsec Server Cert
AND
- controller's certificate (uploaded as Server cert) friendly name as Radius Client Cert
...it accepts my configuration - but does not work. :-(
I got this explanation from SE:
- For the controller to authenticate the Radsec Server, there are two options:
=> If Radsec server uses a certificate signed by a CA, then the CA certificate should be uploaded as a "Trusted CA".
=> If Radsec server uses a self-signed certificate, then that certificate should be uploaded as a "PublicCert" on the controller.
- The controller also needs to send a TLS client certificate to the Radsec server. For this there are two options.
=> Upload a certificate on the controller as "ServerCert" and configure Radsec to use it. Also, the necessary configuration must be made on the Radsec server so that it accepts the controller's certificate.
Note: The term "ServerCert" is used here as traditionally Aruba controllers act as TLS servers (for webUI access for example). It is actually used as a TLS client certificate by the controller in this case.
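
The certificate check implied by the SE explanation above, as an added example that is not part of the original post: it classifies the RadSec server's certificate as self-signed or CA-signed to pick the upload type, and checks that a candidate CA file actually validates that certificate. The function names and the sample certificates are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.

# classify_cert <cert.pem>: print "self-signed" or "ca-signed".
# Self-signed means subject == issuer AND the signature verifies under the
# certificate's own public key.
classify_cert() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$subj" = "$issr" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo "self-signed"
    else
        echo "ca-signed"
    fi
}

# upload_type <server.pem>: which controller certificate type the explanation
# in the thread calls for, given the RadSec server's certificate.
upload_type() {
    kind=$(classify_cert "$1") || return 2
    case "$kind" in
        self-signed) echo "PublicCert (upload this certificate itself)" ;;
        ca-signed)   echo "Trusted CA (upload the issuing CA certificate)" ;;
    esac
}

# ca_validates <ca.pem> <server.pem>: succeed only if the CA file that would be
# uploaded as "Trusted CA" actually validates the server certificate.
ca_validates() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki <dir>: constructed sample data (throwaway CA, a CA-signed server
# certificate, a self-signed certificate); all names are made up.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=radsec.example" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=selfsigned.example" \
        -keyout "$d/ss.key" -out "$d/ss.pem" 2>/dev/null
}
```

Run `upload_type` on the certificate the RadSec server actually presents, and `ca_validates` on the CA file before uploading it; a failing `ca_validates` means the wrong CA was chosen.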