cert bootstrap script change: no more MD5?

Stefan Winter stefan.winter at restena.lu
Mon Oct 17 19:53:37 CEST 2011


Hi,

the bootstrap script uses ca.cnf, server.cnf and client.cnf for the
generated certificates. All of these set the default_md = md5.

iOS 5 is the first OS to condemn certificates which are signed by MD5.
So, the default certificates generated by this script will not be
compatible with recent iOS.

Does anything speak against up'ing the default_md to sha1? Otherwise I
can see questions on -user coming up saying EAP doesn't work - and this
time with a particularly difficult to diagnose issue.

Greetings,

Stefan Winter



More information about the Freeradius-Devel mailing list