EAP-TLS Certificate renewal
Dario Barbon
dbarbon at olicom.eu
Wed Mar 9 07:10:37 UTC 2022
What about the old certificate(s)?
Since I'm using the CA bundled with FreeRadius, could you suggest how to avoid '/certs' directory will be a mess of expired and valid certificates?
May I delete expired certificates from this folder?
Dario Barbon
Il 08/03/2022 19:39, Alan DeKok ha scritto:
> On Mar 8, 2022, at 11:51 AM, Dario Barbon<dbarbon at olicom.eu> wrote:
>> I've setup Freeradius EAP-TLS for Android device following this tutorial by Techtalk (https://techtalkblog.ch/ubuntu-18-04-freeradius-v3-wifi-authentication/).
>> The first certificate I've issued will expire next July: Is there a way to extend the life of this certificate?
> Not really. You just issue a new one.
>
>> What are the best practices to manage certificates under Freeradius environment?
> Pretty much the same as anything else which uses certificates.
>
> * Keep the private keys secure
>
> * if you use your own CA, make the certificate lifetimes reasonably long
>
> * getting the certs onto the client devices can be a paid, tho recent WBA changes make that easier.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html
--
Olicom Srl
Via Europa, 100 25062 CONCESIO (BS)
Tel.+39(0)30-2180500 - Fax. +39(0)30-2180687 - Mobile +39 334 6864136
Web: www.olicom.eu | www.tagwork.it
Mail: dbarbon at olicom.eu | Skype: dario_olicom
More information about the Freeradius-Users
mailing list