FreeRadius3: Certificates for TLS gone after updating to 0.15.7_4
-
Just updated to freeradius3 0.15.7_4 (from 0.15.7_3).
After the update, the certificates are no longer visible or selectable under Services-FreeRADIUS-EAP-Certificates for TLS.
SSL CA Certificate is empty. SSL Server Certificate says none. And there are no selectable certificates in the menu. Clients can still connect, so I am not sure if the server is still using the same certificates as before.
Anyone else had the same issue?
-
Looks like that last update was only meant for 2.5.0 and it got picked back to 2.4.4. We'll get that fixed up shortly.
-
@jimp Thanks. Anything I need to do to bring it back to its' previous state after you get that right? Will uninstalling and reinstalling the package suffice?
-
It will show up like a package update, like any other would. Just update when you see a new update available.
-
@jimp Awesome, thanks.
Anything new in the new version of pfSense regarding freeradius - where can I make suggestions?
I would like to be able to change the cipher_list = "HIGH" instead of "DEFAULT" and experiment with some of the other options.
See these links:
https://framebyframewifi.net/2016/06/13/hardening-tls-for-wlan-802-1x-authentication/https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration
-
At the moment we're not doing new development on it, we're just trying to make sure that new certificate types in 2.5.0 don't break it. Feel free to open feature requests on Redmine or submit pull requests with code changes, though.
-
@jimp l will consider doing so. I have tried ssh'ing into the box and changing the config files, with little luck. I guess that isn't supported (probably a good thing...)..
-
It should be safe to update FreeRADIUS now
-
@jimp I just did, and it works. That was fast, thank you.