query on files under /etc/raddb/certs

Alan DeKok aland at deployingradius.com
Thu Nov 12 21:50:54 CET 2020


On Nov 12, 2020, at 2:44 PM, SIMON BABY <simonkbaby at gmail.com> wrote:
> 
> Thank you for replying to me. So if I don't need to create certs and keys,
> can I delete all those files

  If you're not using them, yes.

> (To make them more secure by not creating any
> cert and key by someone who can hack).

  That doesn't make sense.  If you're not using them, it doesn't matter if someone else reads them.  They don't mean anything, and they don't contain any useful information.

> I have some static certs and key
> files.

  You can *look* at those files to see what they are.  There's a Makefile in raddb/certs which includes targets to print out the contents of the files.  Or, you can use OpenSSL.  These files aren't specific to FreeRADIUS.  They're created with OpenSSL.  So they can be read by OpenSSL.

  If you look at the files, odds are that they will be for "example.com" or "example.org".  Which are web sites *not* owned by you.  So the certs are entirely meaningless, and leaking the contents of these files does nothing.

  I am extremely wary of security theatre.  If you want to delete files you don't use, that's one thing.  But doing so does not make your systems any more secure.

  Alan DeKok.
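
Added example, not part of the original message and not FreeRADIUS code: one way to look at the files with OpenSSL, as the reply suggests, and see which certificates are only the example.com / example.org placeholders. The function names are hypothetical, and the script assumes PEM-encoded files ending in .pem or .crt.

```shell
#!/bin/sh
# Summarize the certificates in a certs directory with OpenSSL and mark
# the ones issued for the example.com / example.org placeholder names.
# Assumption: PEM-encoded files with a .pem or .crt extension.

# Print "subject|issuer|notAfter" for one certificate file.
# Returns non-zero when the file holds no parseable X.509 certificate.
cert_summary() {
    _s=$(openssl x509 -in "$1" -noout -subject -issuer -enddate 2>/dev/null) || return 1
    printf '%s\n' "$_s" | paste -s -d '|' -
}

# Succeeds when the subject or issuer names example.com or example.org.
is_placeholder() {
    cert_summary "$1" | grep -Eiq 'example\.(com|org)'
}

# Classify every candidate file in a directory (default: /etc/raddb/certs).
#   PLACEHOLDER  certificate for example.com / example.org
#   REVIEW       certificate for some other name; check whether it is in use
#   SKIP         not a certificate (private key, DH parameters, other data)
audit_dir() {
    dir=${1:-/etc/raddb/certs}
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue
        if ! summary=$(cert_summary "$f"); then
            echo "SKIP        $f (no X.509 certificate found)"
        elif is_placeholder "$f"; then
            echo "PLACEHOLDER $f $summary"
        else
            echo "REVIEW      $f $summary"
        fi
    done
}

# Run only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

Files reported as REVIEW are the ones worth checking against the paths configured in the server before deleting anything.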



