diff options
| author | Jim P <jim@pingle.org> | 2011-12-28 05:19:54 -0800 |
|---|---|---|
| committer | Jim P <jim@pingle.org> | 2011-12-28 05:19:54 -0800 |
| commit | fe991e5789aa214bd7165b605d26bd1937c107cc (patch) | |
| tree | 7b0cc25691926292a06c0fcceca61f4415f08001 /config/freeradius2/freeradiuseapconf.xml | |
| parent | 510946c4642fb1cabf2f82651fac6fbd4322ba12 (diff) | |
| parent | 031e374ffe1539ed315298c9a101996b195e610e (diff) | |
| download | pfsense-packages-fe991e5789aa214bd7165b605d26bd1937c107cc.tar.gz pfsense-packages-fe991e5789aa214bd7165b605d26bd1937c107cc.tar.bz2 pfsense-packages-fe991e5789aa214bd7165b605d26bd1937c107cc.zip | |
Merge pull request #159 from Nachtfalkeaw/master
Integrated pfsense Cert Manager into freeradius
Diffstat (limited to 'config/freeradius2/freeradiuseapconf.xml')
| -rw-r--r-- | config/freeradius2/freeradiuseapconf.xml | 73 |
1 files changed, 32 insertions, 41 deletions
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index 40b161f8..495a61ee 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -143,53 +143,44 @@ <type>listtopic</type> </field> <field> - <fielddescr>Private Key Password</fielddescr> - <fieldname>vareapconfprivatekeypassword</fieldname> - <description><![CDATA[Enter the password of the private key. This is the password which you have to choose in "Certificates" tab.<br> - This field could be empty. (Default: whatever)]]></description> - <type>password</type> - <default_value>whatever</default_value> - </field> - <field> - <fielddescr>Server Private Key File</fielddescr> - <fieldname>vareapconfprivatekeyfile</fieldname> - <description><![CDATA[Enter the filename of the private key file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br> - <b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br> - You just have to export it there and copy it in the freeradius certs folder.]]></description> - <type>input</type> - <default_value>server.pem</default_value> - </field> - <field> - <fielddescr>Server Certificate File</fielddescr> - <fieldname>vareapconfcertificatefile</fieldname> - <description><![CDATA[Enter the filename of the server certificate file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br> - <b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br> - You just have to export it there and copy it in the freeradius certs folder.]]></description> - <type>input</type> - <default_value>server.pem</default_value> + <fielddescr>Choose your Cert Manager</fielddescr> + <fieldname>vareapconfchoosecertmanager</fieldname> + <description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br> + To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager). (Default: freeRADIUS)]]></description> + <type>select</type> + <default_value>radiuscertmgr</default_value> + <options> + <option><name>freeRADIUS Cert Manager (not recommended)</name><value>radiuscertmgr</value></option> + <option><name>pfSense Cert Manager (recommended)</name><value>pfsensecertmgr</value></option> + </options> </field> <field> - <fielddescr>CA File</fielddescr> - <fieldname>vareapconfcafile</fieldname> - <description><![CDATA[Enter the filename of the CA file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br> - <b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br> - You just have to export it there and copy it in the freeradius certs folder.]]></description> - <type>input</type> - <default_value>ca.pem</default_value> + <fielddescr>SSL CA Certificate</fielddescr> + <fieldname>ssl_ca_cert</fieldname> + <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br> + Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> + <type>select_source</type> + <source><![CDATA[freeradius_get_ca_certs()]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> </field> <field> - <fielddescr>DH File</fielddescr> - <fieldname>vareapconfdhfile</fieldname> - <description><![CDATA[Enter the filename of the DH file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: dh)]]></description> - <type>input</type> - <default_value>dh</default_value> + <fielddescr>SSL Server Certificate</fielddescr> + <fieldname>ssl_server_cert</fieldname> + <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br> + Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> + <type>select_source</type> + <source><![CDATA[freeradius_get_server_certs()]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> </field> <field> - <fielddescr>Random File</fielddescr> - <fieldname>vareapconfrandomfile</fieldname> - <description><![CDATA[Enter the filename of the random file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: random)]]></description> - <type>input</type> - <default_value>random</default_value> + <fielddescr>Private Key Password</fielddescr> + <fieldname>vareapconfprivatekeypassword</fieldname> + <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reaading the certificate.<b> + The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description> + <type>password</type> + <default_value>whatever</default_value> </field> <field> <name>EAP-TLS with OCSP support</name> |