Untitled

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib64/freeradius
pidfile = ${run_dir}/${name}.pid
user = radiusd
group = radiusd
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
        type = auth
        ipaddr = *
        port = 0
}
listen {
        ipaddr = *
        port = 0
        type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions     = yes
extended_expressions    = yes
log {
        syslog_facility = daemon
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}
proxy_requests  = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}

modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
}

instantiate {
        exec
        expr
        expiration
        logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

[ ca ]

default_ca              = CA_default

[ CA_default ]

dir                     = ./

certs                   = $dir

crl_dir                 = $dir/crl

database                = $dir/index.txt

new_certs_dir           = $dir

certificate             = $dir/server.pem

serial                  = $dir/serial

crl                     = $dir/crl.pem

private_key             = $dir/server.key

RANDFILE                = $dir/.rand

name_opt                = ca_default

cert_opt                = ca_default

default_days            = 60

default_crl_days        = 30

default_md              = sha1

preserve                = no

policy                  = policy_match


[ policy_match ]

countryName             = match

stateOrProvinceName     = match

organizationName        = match

organizationalUnitName  = optional

commonName              = supplied

emailAddress            = optional


[ policy_anything ]

countryName             = optional

stateOrProvinceName     = optional

localityName            = optional

organizationName        = optional

organizationalUnitName  = optional

commonName              = supplied

emailAddress            = optional


[ req ]

prompt                  = no

distinguished_name      = server

default_bits            = 2048

input_password          = whatever

output_password         = whatever


[server]

countryName             = FR

stateOrProvinceName     = Radius

localityName            = Somewhere

organizationName        = Example Inc.

emailAddress            = admin@example.com

commonName              = "Example Server Certificate"

openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key `grep output_password ca.cnf |

sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config

./server.cnf

Using configuration from ./server.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

        Serial Number: 1 (0x1)

        Validity

            Not Before: Sep 17 15:55:12 2014 GMT

            Not After : Nov 16 15:55:12 2014 GMT

        Subject:

            countryName               = FR

            stateOrProvinceName       = Radius

            organizationName          = Example Inc.

            commonName                = Example Server Certificate

            emailAddress              = admin@example.com

        X509v3 extensions:

            X509v3 Extended Key Usage:

                TLS Web Server Authentication