What exactly does the configuration of the policy subfield in the ca_default section of the ca.cnf file mean?

Alan DeKok aland at deployingradius.com
Tue Jan 23 16:28:13 UTC 2024


On Jan 23, 2024, at 11:25 AM, 남혁준 <sawd1598 at gmail.com> wrote:
> As far as I can see, if you specify policy_match in the policy of
> server.cnf, it will be compared with the CA certificate based on the
> [policy_match] section to decide whether to generate it or not.
> 
> 
> However, the policy in ca.cnf Specifying policy_match and changing the
> settings in the policy_match section didn't cause any problems.
> 
> What is the significance of this section's existence?

  That configuration file is for OpenSSL.  The file is used to create the certificates.

  The contents are all controlled by OpenSSL.  You'll have to read the OpenSSL documentation to see what those fields are, and what they do.

> PS) This is my first time using this site. Can I only receive emails about
> the questions I asked?

  That's not how the list works, unfortunately.

  Alan DeKok.



More information about the Freeradius-Users mailing list