Default Certificate Expiration Time
Alan Buxey
alan.buxey at gmail.com
Tue Jun 5 19:38:23 CEST 2018
>Once the initial EAP testing has been performed, it is time to create the
real certificates to use in your production network. These certificates
will be configured on the end hosts that will be >doing PEAP, TTLS, or
EAP-TLS authentication
that would usually mean using your local CA and getting a server cert
signed by that and then using that on the server..... or updating the basic
test
stuff that is in ca.cnf/server.cnf etc to be proper and relevant to your
needs. the provided scripts just generate quick 'getting started' certs
for testing/early phase that are only valid for 30 days.
and by the way, your clients are not configured correctly if they happily
just install new certificates when prompted...they should be properly
configured in their settings to only trust
a particular CA and radius server cert name (usually use a deployment tool
(free or commercial) to do that
alan
On 5 June 2018 at 17:03, Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
> On Tue, Jun 5, 2018 at 10:51 AM, Mitch Sullivan <
> mitch.sullivan at swarm64.com>
> wrote:
>
>
> > Is it possible for me to change the certificates so they last a year?
> >
> >
> Tweak the
>
> default_days = 365
>
> in
>
> certs/ca.cnf
>
> -m
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
More information about the Freeradius-Users
mailing list