Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- prefix = /usr
- exec_prefix = /usr
- sysconfdir = /etc
- localstatedir = /var
- sbindir = /usr/sbin
- logdir = ${localstatedir}/log/radius
- raddbdir = ${sysconfdir}/raddb
- radacctdir = ${logdir}/radacct
- name = radiusd
- confdir = ${raddbdir}
- run_dir = ${localstatedir}/run/${name}
- db_dir = ${raddbdir}
- libdir = /usr/lib64/freeradius
- pidfile = ${run_dir}/${name}.pid
- user = radiusd
- group = radiusd
- max_request_time = 30
- cleanup_delay = 5
- max_requests = 1024
- listen {
- type = auth
- ipaddr = *
- port = 0
- }
- listen {
- ipaddr = *
- port = 0
- type = acct
- }
- hostname_lookups = no
- allow_core_dumps = no
- regular_expressions = yes
- extended_expressions = yes
- log {
- syslog_facility = daemon
- stripped_names = no
- auth = no
- auth_badpass = no
- auth_goodpass = no
- }
- checkrad = ${sbindir}/checkrad
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = yes
- }
- proxy_requests = yes
- $INCLUDE proxy.conf
- $INCLUDE clients.conf
- thread pool {
- start_servers = 5
- max_servers = 32
- min_spare_servers = 3
- max_spare_servers = 10
- max_requests_per_server = 0
- }
- modules {
- $INCLUDE ${confdir}/modules/
- $INCLUDE eap.conf
- }
- instantiate {
- exec
- expr
- expiration
- logintime
- }
- $INCLUDE policy.conf
- $INCLUDE sites-enabled/
- [ ca ]
- default_ca = CA_default
- [ CA_default ]
- dir = ./
- certs = $dir
- crl_dir = $dir/crl
- database = $dir/index.txt
- new_certs_dir = $dir
- certificate = $dir/server.pem
- serial = $dir/serial
- crl = $dir/crl.pem
- private_key = $dir/server.key
- RANDFILE = $dir/.rand
- name_opt = ca_default
- cert_opt = ca_default
- default_days = 60
- default_crl_days = 30
- default_md = sha1
- preserve = no
- policy = policy_match
- [ policy_match ]
- countryName = match
- stateOrProvinceName = match
- organizationName = match
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [ policy_anything ]
- countryName = optional
- stateOrProvinceName = optional
- localityName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [ req ]
- prompt = no
- distinguished_name = server
- default_bits = 2048
- input_password = whatever
- output_password = whatever
- [server]
- countryName = FR
- stateOrProvinceName = Radius
- localityName = Somewhere
- organizationName = Example Inc.
- emailAddress = admin@example.com
- commonName = "Example Server Certificate"
- openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf |
- sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config
- ./server.cnf
- Using configuration from ./server.cnf
- Check that the request matches the signature
- Signature ok
- Certificate Details:
- Serial Number: 1 (0x1)
- Validity
- Not Before: Sep 17 15:55:12 2014 GMT
- Not After : Nov 16 15:55:12 2014 GMT
- Subject:
- countryName = FR
- stateOrProvinceName = Radius
- organizationName = Example Inc.
- commonName = Example Server Certificate
- emailAddress = admin@example.com
- X509v3 extensions:
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement