All rights reserved. Based on m0n0wall (http://m0n0.ch/wall) Copyright (C) 2003-2006 Manuel Kasper . All rights reserved. */ /* ========================================================================== */ /* Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ ]]> Describe your package requirements here Currently there are no FAQ items provided. freeradiuscerts none pkg_edit.php?xml=freeradiuscerts.xml&id=0 /usr/local/pkg/freeradius.inc Users /pkg.php?xml=freeradius.xml MACs /pkg.php?xml=freeradiusauthorizedmacs.xml NAS / Clients /pkg.php?xml=freeradiusclients.xml Interfaces /pkg.php?xml=freeradiusinterfaces.xml Settings /pkg_edit.php?xml=freeradiussettings.xml&id=0 EAP /pkg_edit.php?xml=freeradiuseapconf.xml&id=0 SQL /pkg_edit.php?xml=freeradiussqlconf.xml&id=0 Certificates /pkg_edit.php?xml=freeradiuscerts.xml&id=0 LDAP /pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0 View config /freeradius_view_config.php XMLRPC Sync /pkg_edit.php?xml=freeradiussync.xml&id=0 GENERAL CONFIGURATION listtopic Delete ALL existing Certificates ? varcertsdeleteall ALL existing CAs, Server-Certs and Client-Certs in freeradius certs folder!
You must delete all existing if you want to create new ones. (Default: No)
Important:
If you like to use certs created on another PC just disable this and click save.]]> select no Yesyes Nono READ BEFORE DOING ANYTHING HERE! varcertsREADBEFORE This field is just to make sure you know what you are doing here!
If you enter anything the changes here will take effect after "save" - if it's empty - nothing will happen

This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package all your CA and certs will be lost. If you have a backup of all these files on an USB stick or another server than you can copy them back in the freeradius certs folder.

The better way is to use the firewall's built-in Cert Manager (SYSTEM-> Cert Manager). The CA-Cert and Server-Cert you created there you just have to choose in EAP. The advantage of this is that all your CA and certs will be saved in global config.xml and can be restored.]]> input Distinguished Name for CA, Server and Client listtopic Country Code varcertscountryname input US State or Province varcertsstateorprovincename input Texas City varcertslocalityname input Austin Organization varcertsorganizationname input My Company Inc Lifetime varcertsdefaultdays input 3650 Key Length varcertsdefaultbits select 2048 512512 10241024 20482048 40964096 Key Creation Algorithm varcertsdefaultmd There seems to be some OS which do not support all algorithms. (Default: md5)]]> select md5 MD5md5 SHA1sha1 Certificate Password (CA, Server and Client) varcertspassword password whatever CA specific Configuration listtopic E-Mail Address varcertscaemailaddress input admin@mycompany.com Common Name varcertscacommonname input internal-ca Server specific Configuration listtopic E-Mail Address varcertsserveremailaddress input webadmin@mycompany.com Common Name varcertsservercommonname input server-cert Client specific Configuration listtopic Create a further Client-Certificate varcertscreateclient Client-Certs in freeradius certs folder!
Choose this option if you need multiple Client-Certs.
Important: You must backup your old Client-Cert before enabling this option. The new Client-Cert must not have any Common Name as other certificates your created before. (Default: No)

This is what you should do the very first time when creating certs here:
1. Check "Delete ALL Certs...", fill out all fields and create a new CA, new Server and Client Cert
2. If you need more than one Client-Cert than backup your first cert using DIAGNOSTICS->COMMAND PROMPT->Download
/usr/local/etc/raddb/certs/client.tar
3. Disable "Delete ALL Certs..." and enable "Create a further Client-Certificate" and fill out the Client fields
4. Repeat step 2. as long as you need.

Limitations:
There is no CRL. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.
If you choose a Common Name which already exists in the database (check view config) the .crt will be zero bytes.
Choose other Common Name and create a new Client-Cert. ]]> select no Yesyes Nono E-Mail Address varcertsclientemailaddress input user@mycompany.com Common Name varcertsclientcommonname input client-cert freeradius_allcertcnf_resync(); freeradius_allcertcnf_resync();