CA usage and practices

Alan DeKok aland at
Fri Mar 24 18:32:52 CET 2017

> On Mar 24, 2017, at 1:17 PM, A.L.M.Buxey at wrote:
> given that the script creates CA and server cert only valid for 30 days its hardly ready for production.
> those who want to use the provided scripts to start up their own proper system
> would normally edit a few values - CA and server lifetime values..


> now, assuming that they populate the fields correctly, what are the 
> errors/issues with the provided bootstrap (lots of work has gone into
> keeping them relevant) - the CA:False etc , migration to SHA methods,
> better DH etc have all been done.  IIRC the only things missing are CRLDP and
> SubjectAlternativeName , correct?

  Pretty much.

  Some integration with LDAP may be useful, but that quickly devolves into lots of complexity.

  Alan DeKok.

More information about the Freeradius-Users mailing list