CA usage and practices

A.L.M.Buxey at A.L.M.Buxey at
Fri Mar 24 18:17:48 CET 2017


> Speaking of which, Alan, I know the bootstrap script is, well, for demo purposes, but it does get used rather a lot for deployments. You may eventually get a replacement for bootstrap from either myself (as proxy) or someone else who thought it was inadequate for production purposes. :-)

given that the script creates CA and server cert only valid for 30 days its hardly ready for production.

those who want to use the provided scripts to start up their own proper system
would normally edit a few values - CA and server lifetime values..

now, assuming that they populate the fields correctly, what are the 
errors/issues with the provided bootstrap (lots of work has gone into
keeping them relevant) - the CA:False etc , migration to SHA methods,
better DH etc have all been done.  IIRC the only things missing are CRLDP and
SubjectAlternativeName , correct?


More information about the Freeradius-Users mailing list