diff options
Diffstat (limited to 'config/freeradius2/freeradiuscerts.xml')
| -rw-r--r-- | config/freeradius2/freeradiuscerts.xml | 267 |
1 files changed, 267 insertions, 0 deletions
diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml new file mode 100644 index 00000000..7503fe49 --- /dev/null +++ b/config/freeradius2/freeradiuscerts.xml @@ -0,0 +1,267 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + </copyright> + <description><![CDATA[Describe your package here]]></description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>freeradiuscerts</name> + <version>none</version> + <title>FreeRADIUS: Certificates</title> + <aftersaveredirect>pkg_edit.php?xml=freeradiuscerts.xml&id=0</aftersaveredirect> + <include_file>/usr/local/pkg/freeradius.inc</include_file> + <tabs> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + </tab> + <tab> + <text>EAP</text> + <url>/pkg_edit.php?xml=freeradiuseapconf.xml&id=0</url> + </tab> + <tab> + <text>SQL</text> + <url>/pkg_edit.php?xml=freeradiussqlconf.xml&id=0</url> + </tab> + <tab> + <text>Certificates</text> + <url>/pkg_edit.php?xml=freeradiuscerts.xml&id=0</url> + <active/> + </tab> + <tab> + <text>View config</text> + <url>/freeradius_view_config.php</url> + </tab> + </tabs> + <fields> + <field> + <name>GENERAL CONFIGURATION</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Delete ALL existing Certificates ?</fielddescr> + <fieldname>varcertsdeleteall</fieldname> + <description><![CDATA[This will delete <b>ALL</b> existing CAs, Server-Certs and Client-Certs in freeradius certs folder!<br> + You <b>must</b> delete all existing if you want to create new ones. (Default: Yes)<br> + <b>Important:</b><br> + If you like to use certs created on another PC just disable this and click save.]]></description> + <type>select</type> + <default_value>yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <name>Distinguished Name for CA, Server and Client</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Country Code</fielddescr> + <fieldname>varcertscountryname</fieldname> + <description><![CDATA[Enter your country Code. (Default: US)]]></description> + <type>input</type> + <default_value>US</default_value> + </field> + <field> + <fielddescr>State or Province</fielddescr> + <fieldname>varcertsstateorprovincename</fieldname> + <description><![CDATA[Enter your state or province. (Default: Texas)]]></description> + <type>input</type> + <default_value>Texas</default_value> + </field> + <field> + <fielddescr>City</fielddescr> + <fieldname>varcertslocalityname</fieldname> + <description><![CDATA[Enter your city. (Default: Austin)]]></description> + <type>input</type> + <default_value>Austin</default_value> + </field> + <field> + <fielddescr>Organization</fielddescr> + <fieldname>varcertsorganizationname</fieldname> + <description><![CDATA[Enter your organization. (Default: My Company Inc)]]></description> + <type>input</type> + <default_value>My Company Inc</default_value> + </field> + <field> + <fielddescr>Lifetime</fielddescr> + <fieldname>varcertsdefaultdays</fieldname> + <description><![CDATA[Enter the time after which the CA, Server and Client should expire in days. (Default: 3650)]]></description> + <type>input</type> + <default_value>3650</default_value> + </field> + <field> + <fielddescr>Key Length</fielddescr> + <fieldname>varcertsdefaultbits</fieldname> + <description><![CDATA[Enter the key length of CA, Server and Client. (Default: 2048)]]></description> + <type>select</type> + <default_value>2048</default_value> + <options> + <option><name>512</name><value>512</value></option> + <option><name>1024</name><value>1024</value></option> + <option><name>2048</name><value>2048</value></option> + <option><name>4096</name><value>4096</value></option> + </options> + </field> + <field> + <fielddescr>Key Creation Algorithm</fielddescr> + <fieldname>varcertsdefaultmd</fieldname> + <description><![CDATA[Choose the algotithem which should be used to create the key.<br> + There seems to be some OS do not support all algorithms. (Default: md5)]]></description> + <type>select</type> + <default_value>md5</default_value> + <options> + <option><name>MD5</name><value>md5</value></option> + <option><name>SHA1</name><value>sha1</value></option> + </options> + </field> + <field> + <fielddescr>Certificate Password (CA, Server and Client)</fielddescr> + <fieldname>varcertspassword</fieldname> + <description><![CDATA[Enter the password for the CA, Server and Client.<br> + This is the password you need to enter in eap.conf so that freeradius can read the cert. (Default: whatever)]]></description> + <type>password</type> + <default_value>whatever</default_value> + </field> + <field> + <name>CA specific Configuration</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>E-Mail Address</fielddescr> + <fieldname>varcertscaemailaddress</fieldname> + <description><![CDATA[Enter the E-Mail address for the CA. (Default: admin@mycompany.com)]]></description> + <type>input</type> + <default_value>admin@mycompany.com</default_value> + </field> + <field> + <fielddescr>Common Name</fielddescr> + <fieldname>varcertscacommonname</fieldname> + <description><![CDATA[Enter the common name for the CA. (Default: internal-ca)]]></description> + <type>input</type> + <default_value>internal-ca</default_value> + </field> + <field> + <name>Server specific Configuration</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>E-Mail Address</fielddescr> + <fieldname>varcertsserveremailaddress</fieldname> + <description><![CDATA[Enter the E-Mail address for the Server-Cert. (Default: webadmin@mycompany.com)]]></description> + <type>input</type> + <default_value>webadmin@mycompany.com</default_value> + </field> + <field> + <fielddescr>Common Name</fielddescr> + <fieldname>varcertsservercommonname</fieldname> + <description><![CDATA[Enter the common name for the Server-Cert. (Default: server-cert)]]></description> + <type>input</type> + <default_value>server-cert</default_value> + </field> + <field> + <name>Client specific Configuration</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Create a further Client-Certificate</fielddescr> + <fieldname>varcertscreateclient</fieldname> + <description><![CDATA[This will delete existing <b>Client-Certs</b> in freeradius certs folder!<br> + Choose this option if you need multiple Client-Certs.<br> + <b>Important:</b> You must backup your old Client-Cert before enabling this option. The new Client-Cert <b>must not</b> have any Common Name as other certificates your created before. (Default: No)<br><br> + + This is what you should do the very first time when creating certs here:<br> + 1. Check "Delete ALL Certs...", fill out all fields and create a new CA, new Server and Client Cert<br> + 2. If you need more than one Client-Cert than backup your first cert using DIAGNOSTICS->COMMAND PROMPT->Download<br> + /usr/local/etc/raddb/certs/client.tar<br> + 3. Disable "Delete ALL Certs..." and enable "Create a further Client-Certificate" and fill out the Client fields<br> + 4. Repeat step 2. as long as you need.<br><br> + + + <b>Limitations:</b><br> + There is no CRL at the moment. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.<br> + If you choose a Common Name which already exists in the database (check view config) the .crt will be zero bytes.<br> + Choose other Common Name and create a new Client-Cert. + ]]></description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>E-Mail Address</fielddescr> + <fieldname>varcertsclientemailaddress</fieldname> + <description><![CDATA[Enter the E-Mail address for the Client-Cert. (Default: user@mycompany.com)]]></description> + <type>input</type> + <default_value>user@mycompany.com</default_value> + </field> + <field> + <fielddescr>Common Name</fielddescr> + <fieldname>varcertsclientcommonname</fieldname> + <description><![CDATA[Enter the common name for the Client-Cert. (Default: client-cert)]]></description> + <type>input</type> + <default_value>client-cert</default_value> + </field> + </fields> + <custom_delete_php_command> + freeradius_allcertcnf_resync(); + </custom_delete_php_command> + <custom_php_resync_config_command> + freeradius_allcertcnf_resync(); + </custom_php_resync_config_command> +</packagegui>
\ No newline at end of file |