TLS Certificate error?
Ben Humpert
ben at an3k.de
Tue May 26 16:48:58 CEST 2015
2015-05-26 4:46 GMT+02:00 Scott A. Johnson <scott.a.johnson at gmail.com>:
> Module: Linked to sub-module rlm_eap_tls
> Module: Instantiating eap-tls
> tls {
> rsa_key_exchange = no
> dh_key_exchange = yes
> rsa_key_length = 512
> dh_key_length = 512
> verify_depth = 0
> CA_path = "/Library/Server/radius/raddb/certs"
> pem_file_type = yes
> private_key_file = "server.key"
> certificate_file = "server.crt"
> CA_file = "server.crt"
> private_key_password = "REDACTED"
> dh_file = "/Library/Server/radius/raddb/certs/dh"
> random_file = "/Library/Server/radius/raddb/certs/random"
> fragment_size = 1024
> include_length = yes
> check_crl = no
> cipher_list = "DEFAULT"
> make_cert_command = "/Library/Server/radius/raddb/certs/bootstrap"
> ecdh_curve = "prime256v1"
> cache {
> enable = no
> lifetime = 24
> max_entries = 255
> }
> verify {
> tmpdir = "/tmp/radiusd"
> client = "/usr/bin/openssl verify -CApath /Library/Server/radius/raddb/certs %{TLS-Client-Cert-Filename}"
> }
> ocsp {
> enable = no
> override_cert_url = yes
> url = "http://127.0.0.1/ocsp/"
> use_nonce = yes
> timeout = 0
> softfail = no
> }
> }
Alan, I was looking for the documentation of the configuration
options for tls-common, but it is neither on freeradius.org nor on
networkradius.com. I found the page where it should be
(http://networkradius.com/doc/3.0.8/raddb/tls/tls-config_tls-common.html)
but it returns a 404. I tried 3.0.8, 3.0.7 and current. I'm just wondering
where Scott got all these options from :)