vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

T4245: interface-eapol: Update for VyOS 1.4 PKI changes and parent CA behavior

Browse Source 
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
This commit is contained in:
Andrew Gunnerson 2022-02-17 19:28:32 -05:00
parent 658426dd30
commit 9fd5f53bbe
No known key found for this signature in database
GPG Key ID: 14200B173D8A3BF5
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
docs/_include/interface-eapol.txt
View File

@ -7,31 +7,35 @@ EAPoL comes with an identify option. We automatically use the interface MAC
address as identity parameter. address as identity parameter.
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} eapol ca-cert-file <file> {{ var5 }} {{ var6 }} eapol ca-certificate <name>
SSL :abbr:`CA (Certificate Authority)` x509 PEM file used afor authentication Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for
of the remote side. authentication of the remote side. If an intermediate CA certificate is
specified, then all parent CA certificates that exist in the PKI, such as the
root CA or additional intermediate CAs, will automatically be used during
certificate validation to ensure that the full chain of trust is available.
Example:
.. code-block:: none .. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol ca-cert-file /config/auth/ca.pem set pki ca eapol-server-intermediate-ca <Server intermediate CA contents>
set pki ca eapol-server-root-ca <Server root CA contents>
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol ca-certificate eapol-server-intermediate-ca
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} .. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }}
{{ var5 }} {{ var6 }} eapol cert-file <file> {{ var5 }} {{ var6 }} eapol certificate <name>
SSL/x509 public certificate file provided by the client to authenticate Set the name of the x509 client keypair used to authenticate against the
against the 802.1x system. 802.1x system. All parent CA certificates of the client certificate, such as
intermediate and root CAs, will be sent as part of the EAP-TLS handshake.
Example:
.. code-block:: none .. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol cert-file /config/auth/public.pem set pki ca eapol-client-intermediate-ca <Client intermediate CA contents>
set pki ca eapol-client-root-ca <Client root CA contents>
.. cfgcmd:: set interfaces {{ var0 }} <interface> {{ var2 }} {{ var3 }} set pki certificate eapol-client certificate <Client certificate contents>
{{ var5 }} {{ var6 }} eapol key-file <file> set pki certificate eapol-client private key <Client private key contents>
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol certificate eapol-client
SSL/x509 private certificate file provided by the client to authenticate
against the 802.1x system.
.. code-block:: none
set interfaces {{ var0 }} {{ var1 }} {{ var2 }} {{ var4 }} {{ var5 }} {{ var7 }} eapol key-file /config/auth/private.key