All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2006 Manuel Kasper .
All rights reserved.
*/
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/* ========================================================================== */
]]> Describe your package requirements hereCurrently there are no FAQ items provided.freeradiuscertsnoneFreeRADIUS: Certificatespkg_edit.php?xml=freeradiuscerts.xml&id=0/usr/local/pkg/freeradius.incUsers/pkg.php?xml=freeradius.xmlNAS / Clients/pkg.php?xml=freeradiusclients.xmlInterfaces/pkg.php?xml=freeradiusinterfaces.xmlSettings/pkg_edit.php?xml=freeradiussettings.xml&id=0EAP/pkg_edit.php?xml=freeradiuseapconf.xml&id=0SQL/pkg_edit.php?xml=freeradiussqlconf.xml&id=0Certificates/pkg_edit.php?xml=freeradiuscerts.xml&id=0View config/freeradius_view_config.phpXMLRPC Sync/pkg_edit.php?xml=freeradiussync.xml&id=0GENERAL CONFIGURATIONlisttopicDelete ALL existing Certificates ?varcertsdeleteallALL existing CAs, Server-Certs and Client-Certs in freeradius certs folder!
You must delete all existing if you want to create new ones. (Default: No) Important:
If you like to use certs created on another PC just disable this and click save.]]>selectnoREAD BEFORE DOING ANYTHING HERE!varcertsREADBEFOREThis field is just to make sure you know what you are doing here! If you enter anything the changes here will take effect after "save" - if it's empty - nothing will happen
This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package
all your CA and certs will be lost. If you have a backup of all these files on an USB stick or another server than you can copy them back in the freeradius certs folder.
The better way is to use the pfsense built-in Cert Manager (SYSTEM-> Cert Manager). The CA-Cert and Server-Cert you created there you just have to choose in EAP.
The advantage of this is that all your CA and certs will be saved in global config.xml and can be restored.]]>inputDistinguished Name for CA, Server and ClientlisttopicCountry CodevarcertscountrynameinputUSState or ProvincevarcertsstateorprovincenameinputTexasCityvarcertslocalitynameinputAustinOrganizationvarcertsorganizationnameinputMy Company IncLifetimevarcertsdefaultdaysinput3650Key Lengthvarcertsdefaultbitsselect2048Key Creation Algorithmvarcertsdefaultmd
There seems to be some OS which do not support all algorithms. (Default: md5)]]>selectmd5Certificate Password (CA, Server and Client)varcertspasswordpasswordwhateverCA specific ConfigurationlisttopicE-Mail Addressvarcertscaemailaddressinputadmin@mycompany.comCommon Namevarcertscacommonnameinputinternal-caServer specific ConfigurationlisttopicE-Mail Addressvarcertsserveremailaddressinputwebadmin@mycompany.comCommon Namevarcertsservercommonnameinputserver-certClient specific ConfigurationlisttopicCreate a further Client-CertificatevarcertscreateclientClient-Certs in freeradius certs folder!
Choose this option if you need multiple Client-Certs. Important: You must backup your old Client-Cert before enabling this option. The new Client-Cert must not have any Common Name as other certificates your created before. (Default: No)
This is what you should do the very first time when creating certs here:
1. Check "Delete ALL Certs...", fill out all fields and create a new CA, new Server and Client Cert
2. If you need more than one Client-Cert than backup your first cert using DIAGNOSTICS->COMMAND PROMPT->Download
/usr/local/etc/raddb/certs/client.tar
3. Disable "Delete ALL Certs..." and enable "Create a further Client-Certificate" and fill out the Client fields
4. Repeat step 2. as long as you need.
Limitations:
There is no CRL. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.
If you choose a Common Name which already exists in the database (check view config) the .crt will be zero bytes.
Choose other Common Name and create a new Client-Cert.
]]>selectnoE-Mail Addressvarcertsclientemailaddressinputuser@mycompany.comCommon Namevarcertsclientcommonnameinputclient-cert
freeradius_allcertcnf_resync();
freeradius_allcertcnf_resync();