From e5d1c85b5f4e79ac50fbda51850dbfcf073996a3 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Fri, 23 Dec 2011 16:27:28 +0000 Subject: Integrated pfsense Cert Manager in freeradius package (Thanks to jimp and sullrich). Now it is possible to create certificates in pfsense Cert manager and use them for freeradius. The freeradius cert builder script is still present because freeradius needs some default ca and cert to start the service. --- config/freeradius2/freeradiuscerts.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'config/freeradius2/freeradiuscerts.xml') diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index a0b4ac0f..9cdf656a 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml @@ -98,7 +98,7 @@ Important:
If you like to use certs created on another PC just disable this and click save.]]> select - yes + no @@ -113,7 +113,7 @@ This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package all your CA and certs will be lost. If you have a backup of all these files on an USB stick or another server than you can copy them back in the freeradius certs folder.

- The better way is to use the pfsense built-in Cert Manager (SYSTEM-> Cert Manager). The CA-Cert and Server-Cert you created there you just have to copy to the freeradius certs folder and pointing to these certs in eap. + The better way is to use the pfsense built-in Cert Manager (SYSTEM-> Cert Manager). The CA-Cert and Server-Cert you created there you just have to choose in EAP. The advantage of this is that all your CA and certs will be saved in global config.xml and can be restored.]]> input @@ -247,7 +247,7 @@ Limitations:
- There is no CRL at the moment. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.
+ There is no CRL. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.
If you choose a Common Name which already exists in the database (check view config) the .crt will be zero bytes.
Choose other Common Name and create a new Client-Cert. ]]> @@ -275,8 +275,10 @@ freeradius_allcertcnf_resync(); + freeradius_eapconf_resync(); freeradius_allcertcnf_resync(); + freeradius_eapconf_resync(); \ No newline at end of file -- cgit v1.2.3
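Review bot: In the hunk at @@ -98,7, the select default flips from yes to no, but the commit message says the cert builder script is kept because freeradius needs a default CA and cert to start the service. Please confirm that a fresh install with the new default still ends up with usable certs before the service starts. The help text in the context lines ("just disable this and click save") still reads as if the option were on by default, so it should be updated to match.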
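Review bot: In the hunk at @@ -113,7, the new wording "you just have to choose in EAP" does not tell the admin which page or fields to use; name the EAP settings where the CA-Cert and Server-Cert from Cert Manager are selected. Since this paragraph is being touched anyway, the unchanged context just above it has "disatvantage" and "than you can copy", which could be fixed in the same change.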
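Review bot: In the hunk at @@ -247,7, dropping "at the moment" turns "There is no CRL" into a permanent statement, but the text does not say whether the limitation covers only certs built on this page (the ../certs/index.txt database) or also certs chosen from the Cert Manager. The page also says existing certs cannot be deleted from the GUI, so an admin has no documented way to stop trusting a client cert. Please state the scope of the limitation and what to do instead.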
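Review bot: In the hunk at @@ -275,8, freeradius_eapconf_resync() is added after freeradius_allcertcnf_resync() in two places, but this commit changes only freeradiuscerts.xml, so the function has to exist already in the code this file includes; please confirm that, otherwise both calls will fail. If the EAP config has to be regenerated only after the cert config is written, a short comment on the ordering would help the next reader. The file also still ends without a trailing newline.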