SSL Cert & bootstrap script
I've used the bootstrap script to build certs for our radius server (2.0.5 on FreeBSD) and I've set all of the .cnf files w/ the following: default_days = 3650 default_crl_days = 3650 My problem is that the ca.der file that is created has an expiration date of 30 days. Can anyone point me in the direction of what I'm doing wrong? Thanks in advance. -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3189@wayne.edu
Charles Plater wrote:
I've used the bootstrap script to build certs for our radius server (2.0.5 on FreeBSD) and I've set all of the .cnf files w/ the following:
default_days = 3650 default_crl_days = 3650
My problem is that the ca.der file that is created has an expiration date of 30 days. Can anyone point me in the direction of what I'm doing wrong?
It's a bug in OpenSSL. The FreeRADIUS files were fixed to work around this in version 2.1.3. You can grab the fixes in raddb/certs/Makefile. Alan DeKok.
Sure, http://bugs.freeradius.org/show_bug.cgi?id=615 -Ted- Charles Plater wrote:
I've used the bootstrap script to build certs for our radius server (2.0.5 on FreeBSD) and I've set all of the .cnf files w/ the following:
default_days = 3650 default_crl_days = 3650
My problem is that the ca.der file that is created has an expiration date of 30 days. Can anyone point me in the direction of what I'm doing wrong?
Thanks in advance. -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3189@wayne.edu <mailto:ab3189@wayne.edu>
-- This message has been scanned for viruses and dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is believed to be clean. ------------------------------------------------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
participants (3)
-
Alan DeKok -
Charles Plater -
Ted Lum