CA usage and practices
Alan DeKok
aland at deployingradius.com
Fri Mar 24 18:32:52 CET 2017
> On Mar 24, 2017, at 1:17 PM, A.L.M.Buxey at lboro.ac.uk wrote:
> given that the script creates CA and server cert only valid for 30 days its hardly ready for production.
>
> those who want to use the provided scripts to start up their own proper system
> would normally edit a few values - CA and server lifetime values..
Yes.
> now, assuming that they populate the fields correctly, what are the
> errors/issues with the provided bootstrap (lots of work has gone into
> keeping them relevant) - the CA:False etc , migration to SHA methods,
> better DH etc have all been done. IIRC the only things missing are CRLDP and
> SubjectAlternativeName , correct?
Pretty much.
Some integration with LDAP may be useful, but that quickly devolves into lots of complexity.
Alan DeKok.
More information about the Freeradius-Users
mailing list