diff options
-rw-r--r-- | config/freeradius2/freeradiuseapconf.xml | 66 |
1 files changed, 60 insertions, 6 deletions
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index ff50dbc4..08750f35 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml @@ -167,7 +167,14 @@ <b>cheked</b>: pfSense Cert-Manager (recommended)]]></description> <type>checkbox</type> <default_value>radiuscertmgr</default_value> - <enablefields>ssl_ca_cert,ssl_server_cert</enablefields> + <enablefields>ssl_ca_cert,ssl_server_cert,vareapconfenableclientp12</enablefields> + </field> + <field> + <fielddescr>Private Key Password</fielddescr> + <fieldname>vareapconfprivatekeypassword</fieldname> + <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description> + <type>password</type> + <default_value>whatever</default_value> </field> <field> <fielddescr>SSL CA Certificate</fielddescr> @@ -190,11 +197,21 @@ <source_value>refid</source_value> </field> <field> - <fielddescr>Private Key Password</fielddescr> - <fieldname>vareapconfprivatekeypassword</fieldname> - <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description> - <type>password</type> - <default_value>whatever</default_value> + <fielddescr>Create client.p12 for export</fielddescr> + <fieldname>vareapconfenableclientp12</fieldname> + <description><![CDATA[Choose if you would like to create a client.p12 to export it to a windows client. You need this file if you use EAP-TLS.]]></description> + <type>checkbox</type> + <enablefields>ssl_client_cert</enablefields> + </field> + <field> + <fielddescr>SSL Client Certificate</fielddescr> + <fieldname>ssl_client_cert</fieldname> + <description><![CDATA[Choose the SSL Client Certficate here which you created with the pfSense Cert Manager.<br> + Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> + <type>select_source</type> + <source><![CDATA[freeradius_get_server_certs()]]></source> + <source_name>descr</source_name> + <source_value>refid</source_value> </field> <field> <name>EAP-TLS</name> @@ -218,6 +235,43 @@ <type>input</type> <default_value>1024</default_value> </field> + <field> + <fielddescr>Check Cert Issuer</fielddescr> + <fieldname>vareapconfenablecheckcertissuer</fieldname> + <description><![CDATA[If this is enabled then the server/client certificate must match the CA issuer. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>vareapconfcountry,vareapconfstate,vareapconfcity,vareapconforganization</enablefields> + </field> + <field> + <fielddescr>Country</fielddescr> + <fieldname>vareapconfcountry</fieldname> + <description><![CDATA[Enter the country of your CA. <b>Must</b> match the value you set in <b>SYSTEM => Cert Manager => CAs</b>. (e.g: US)]]></description> + <type>input</type> + </field> + <field> + <fielddescr>State or Province</fielddescr> + <fieldname>vareapconfstate</fieldname> + <description><![CDATA[Enter the state or province of your CA. <b>Must</b> match the value you set in <b>SYSTEM => Cert Manager => CAs</b>. (e.g: Texas)]]></description> + <type>input</type> + </field> + <field> + <fielddescr>City</fielddescr> + <fieldname>vareapconfcity</fieldname> + <description><![CDATA[Enter the city of your CA. <b>Must</b> match the value you set in <b>SYSTEM => Cert Manager => CAs</b>. (e.g: Austin)]]></description> + <type>input</type> + </field> + <field> + <fielddescr>Organization</fielddescr> + <fieldname>vareapconforganization</fieldname> + <description><![CDATA[Enter the organization of your CA. <b>Must</b> match the value you set in <b>SYSTEM => Cert Manager => CAs</b>. (e.g: My Company Ltd)]]></description> + <type>input</type> + </field> + <field> + <fielddescr>Check Client Certificate CN</fielddescr> + <fieldname>vareapconfenablecheckcertcn</fieldname> + <description><![CDATA[If this is enabled then the common name of the client certificate must match the username you set in <b>FreeRADIUS => Users</b>. (Default: unchecked)]]></description> + <type>checkbox</type> + </field> <field> |