3.1.3 Generating a Certificate Signing Request and a Public Certificate

Perform the following steps to generate the Certificate Signing Request (CSR) and public certificate:

  1. Generate the CSR using the server key (server.key) and using the openssl req -new -key server.key -out server.csr command.
  2. Self-sign the certificate using the CA certificate and generate the public key using the openssl x509 -req -days 365 -in server.csr -CA winc_root.crt -CAkey winc_root.key -set_serial 01 -out server.crt command.

    The above-generated certificates (server.crt, server.key and winc_root.cer) are used for server authentication. During server authentication, server.crt and server.key are used by the RADIUS server. The root certificate winc_root.cer is flashed into the ATWINC using the root certificate downloader.

Figure 3-1. Certificates Required for EAP-TTLS with MSCHAPv2 and EAP-PEAPv0/1 MSCHAPv2
  1. server.crt must be signed by winc_root.cer
Note:
  • Server authentication requires server.key and winc_root.cer certificates.
  • Client authentication does not use a certificate.