EAP-TLS Certificate renewal
Hello, I've setup Freeradius EAP-TLS for Android device following this tutorial by Techtalk (https://techtalkblog.ch/ubuntu-18-04-freeradius-v3-wifi-authentication/). The first certificate I've issued will expire next July: Is there a way to extend the life of this certificate? What are the best practices to manage certificates under Freeradius environment? Thanks! Dario Barbon
On Mar 8, 2022, at 11:51 AM, Dario Barbon <dbarbon@olicom.eu> wrote:
I've setup Freeradius EAP-TLS for Android device following this tutorial by Techtalk (https://techtalkblog.ch/ubuntu-18-04-freeradius-v3-wifi-authentication/). The first certificate I've issued will expire next July: Is there a way to extend the life of this certificate?
Not really. You just issue a new one.
What are the best practices to manage certificates under Freeradius environment?
Pretty much the same as anything else which uses certificates. * Keep the private keys secure * if you use your own CA, make the certificate lifetimes reasonably long * getting the certs onto the client devices can be a paid, tho recent WBA changes make that easier. Alan DeKok.
What about the old certificate(s)? Since I'm using the CA bundled with FreeRadius, could you suggest how to avoid '/certs' directory will be a mess of expired and valid certificates? May I delete expired certificates from this folder? Dario Barbon Il 08/03/2022 19:39, Alan DeKok ha scritto:
On Mar 8, 2022, at 11:51 AM, Dario Barbon<dbarbon@olicom.eu> wrote:
I've setup Freeradius EAP-TLS for Android device following this tutorial by Techtalk (https://techtalkblog.ch/ubuntu-18-04-freeradius-v3-wifi-authentication/). The first certificate I've issued will expire next July: Is there a way to extend the life of this certificate? Not really. You just issue a new one.
What are the best practices to manage certificates under Freeradius environment? Pretty much the same as anything else which uses certificates.
* Keep the private keys secure
* if you use your own CA, make the certificate lifetimes reasonably long
* getting the certs onto the client devices can be a paid, tho recent WBA changes make that easier.
Alan DeKok.
- List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html --
Olicom Srl Via Europa, 100 25062 CONCESIO (BS) Tel.+39(0)30-2180500 - Fax. +39(0)30-2180687 - Mobile +39 334 6864136 Web: www.olicom.eu | www.tagwork.it Mail: dbarbon@olicom.eu | Skype: dario_olicom
On Mar 9, 2022, at 2:10 AM, Dario Barbon <dbarbon@olicom.eu> wrote:
What about the old certificate(s)?
Since I'm using the CA bundled with FreeRadius, could you suggest how to avoid '/certs' directory will be a mess of expired and valid certificates? May I delete expired certificates from this folder?
They're just files. If they're not being used, you can delete them. Alan DeKok.
participants (2)
-
Alan DeKok -
Dario Barbon