Once the initial EAP testing has been performed, it is time to create the real certificates to use in your production network. These certificates will be configured on the end hosts that will be >doing PEAP, TTLS, or EAP-TLS authentication
that would usually mean using your local CA and getting a server cert signed by that and then using that on the server..... or updating the basic test stuff that is in ca.cnf/server.cnf etc to be proper and relevant to your needs. the provided scripts just generate quick 'getting started' certs for testing/early phase that are only valid for 30 days. and by the way, your clients are not configured correctly if they happily just install new certificates when prompted...they should be properly configured in their settings to only trust a particular CA and radius server cert name (usually use a deployment tool (free or commercial) to do that alan On 5 June 2018 at 17:03, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
On Tue, Jun 5, 2018 at 10:51 AM, Mitch Sullivan < mitch.sullivan@swarm64.com> wrote:
Is it possible for me to change the certificates so they last a year?
Tweak the
default_days = 365
in
certs/ca.cnf
-m - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html