diff options
author | Emil Renner Berthing <esmil@labitat.dk> | 2021-01-19 21:58:10 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2021-01-19 22:39:39 +0100 |
commit | d43cdbc412d6548447d3d4c6238fc56c99e09d98 (patch) | |
tree | 8f5d9b7eabc3dfffaaa7be0088bae08777146aeb /roles/space_server/files/radius/mods-available | |
parent | 3da205a190c0b6f36a726d90afa4dc303ee84ffe (diff) | |
download | labitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.tar.gz labitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.tar.xz labitat-ansible-d43cdbc412d6548447d3d4c6238fc56c99e09d98.zip |
space_server: radius: use letsencrypt certificate
Diffstat (limited to 'roles/space_server/files/radius/mods-available')
-rw-r--r-- | roles/space_server/files/radius/mods-available/eap | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/roles/space_server/files/radius/mods-available/eap b/roles/space_server/files/radius/mods-available/eap index 2136414..938370c 100644 --- a/roles/space_server/files/radius/mods-available/eap +++ b/roles/space_server/files/radius/mods-available/eap @@ -181,8 +181,8 @@ eap { # authenticate via EAP-TLS! This is likely not what you want. # tls-config tls-common { - private_key_password = whatever - private_key_file = ${certdir}/server.pem + # private_key_password = whatever + private_key_file = ${certdir}/privkey.pem # If Private key & Certificate are located in # the same file, then private_key_file & @@ -218,7 +218,7 @@ eap { # give advice which will work everywhere. Instead, # we give general guidelines. # - certificate_file = ${certdir}/server.pem + certificate_file = ${certdir}/fullchain.pem # Trusted Root CA list # @@ -231,7 +231,7 @@ eap { # In that case, this CA file should contain # *one* CA certificate. # - ca_file = ${cadir}/ca.pem + # ca_file = ${cadir}/ca.pem # OpenSSL will automatically create certificate chains, # unless we tell it to not do that. The problem is that @@ -392,8 +392,8 @@ eap { # tls_max_version. # # disable_tlsv1_2 = no - disable_tlsv1_1 = yes - disable_tlsv1 = yes + # disable_tlsv1_1 = yes + # disable_tlsv1 = yes # Set min / max TLS version. Mainly for Debian # "trusty", which disables older versions of TLS, and |