From e5d1c85b5f4e79ac50fbda51850dbfcf073996a3 Mon Sep 17 00:00:00 2001
From: Alexander Wilke <nachtfalkeaw@web.de>
Date: Fri, 23 Dec 2011 16:27:28 +0000
Subject: Integrated pfsense Cert Manager in freeradius package (Thanks to jimp
 and sullrich). Now it is possible to create certificates in pfsense Cert
 manager and use them for freeradius.

The freeradius cert builder script is still present because freeradius needs some default ca and cert to start the service.
---
 config/freeradius2/freeradiuseapconf.xml | 73 ++++++++++++++------------------
 1 file changed, 32 insertions(+), 41 deletions(-)

(limited to 'config/freeradius2/freeradiuseapconf.xml')

diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index 40b161f8..495a61ee 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -143,53 +143,44 @@
 			<type>listtopic</type>
 		</field>
 		<field>
-			<fielddescr>Private Key Password</fielddescr>
-			<fieldname>vareapconfprivatekeypassword</fieldname>
-			<description><![CDATA[Enter the password of the private key. This is the password which you have to choose in "Certificates" tab.<br>
-							This field could be empty. (Default: whatever)]]></description>
-			<type>password</type>
-			<default_value>whatever</default_value>
-		</field>
-		<field>
-			<fielddescr>Server Private Key File</fielddescr>
-			<fieldname>vareapconfprivatekeyfile</fieldname>
-			<description><![CDATA[Enter the filename of the private key file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br>
-									<b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br>
-									You just have to export it there and copy it in the freeradius certs folder.]]></description>
-			<type>input</type>
-			<default_value>server.pem</default_value>
-		</field>
-		<field>
-			<fielddescr>Server Certificate File</fielddescr>
-			<fieldname>vareapconfcertificatefile</fieldname>
-			<description><![CDATA[Enter the filename of the server certificate file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br>
-									<b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br>
-									You just have to export it there and copy it in the freeradius certs folder.]]></description>
-			<type>input</type>
-			<default_value>server.pem</default_value>
+			<fielddescr>Choose your Cert Manager</fielddescr>
+			<fieldname>vareapconfchoosecertmanager</fieldname>
+			<description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br>
+									To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager). (Default: freeRADIUS)]]></description>
+			<type>select</type>
+			<default_value>radiuscertmgr</default_value>
+					<options>
+						<option><name>freeRADIUS Cert Manager (not recommended)</name><value>radiuscertmgr</value></option>
+						<option><name>pfSense Cert Manager (recommended)</name><value>pfsensecertmgr</value></option>
+					</options>
 		</field>
 		<field>
-			<fielddescr>CA File</fielddescr>
-			<fieldname>vareapconfcafile</fieldname>
-			<description><![CDATA[Enter the filename of the CA file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: server.pem)<br>
-									<b>TIP:</b> You could use "SYSTEM-> Cert Manager" instead of the freeradius Cert script.<br>
-									You just have to export it there and copy it in the freeradius certs folder.]]></description>
-			<type>input</type>
-			<default_value>ca.pem</default_value>
+			<fielddescr>SSL CA Certificate</fielddescr>
+			<fieldname>ssl_ca_cert</fieldname>
+			<description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br>
+									Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+			<type>select_source</type>
+			<source><![CDATA[freeradius_get_ca_certs()]]></source>
+			<source_name>descr</source_name>
+			<source_value>refid</source_value>
 		</field>
 		<field>
-			<fielddescr>DH File</fielddescr>
-			<fieldname>vareapconfdhfile</fieldname>
-			<description><![CDATA[Enter the filename of the DH file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: dh)]]></description>
-			<type>input</type>
-			<default_value>dh</default_value>
+			<fielddescr>SSL Server Certificate</fielddescr>
+			<fieldname>ssl_server_cert</fieldname>
+			<description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br>
+									Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description>
+			<type>select_source</type>
+			<source><![CDATA[freeradius_get_server_certs()]]></source>
+			<source_name>descr</source_name>
+			<source_value>refid</source_value>
 		</field>
 		<field>
-			<fielddescr>Random File</fielddescr>
-			<fieldname>vareapconfrandomfile</fieldname>
-			<description><![CDATA[Enter the filename of the random file. The file <b>must</b> be in /usr/local/etc/raddb/certs/ (Default: random)]]></description>
-			<type>input</type>
-			<default_value>random</default_value>
+			<fielddescr>Private Key Password</fielddescr>
+			<fieldname>vareapconfprivatekeypassword</fieldname>
+			<description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reaading the certificate.<b>
+								The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description>
+			<type>password</type>
+			<default_value>whatever</default_value>
 		</field>
 		<field>
 			<name>EAP-TLS with OCSP support</name>
-- 
cgit v1.2.3