Diffstat (limited to 'raddb/home_servers/tls.conf')
-rw-r--r-- | raddb/home_servers/tls.conf | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/raddb/home_servers/tls.conf b/raddb/home_servers/tls.conf
new file mode 100644
index 0000000..7a0a61c
--- /dev/null
+++ b/raddb/home_servers/tls.conf
@@ -0,0 +1,58 @@
+#
+# This file contains the configuration for the "outgoing"
+# radsec connections. It should be included by all of the
+# dynamic home server configuration files.
+#
+# This file should be customized for your local system.
+#
+# See sites-available/tls for an example of configuring a home_server
+# with TLS.
+
#
# The server does not (yet) support RadSec over DTLS.
#
proto = tcp
+
#
# Use "auth" for Eduroam, as it does not do accounting.
#
# Other sites may allow "auth+acct".
#
type = auth
+
#
# The secret for RadSec is ALWAYS "radsec".
#
secret = radsec
+
#
# Similarly to HTTP, the client can use Server Name
# Indication to inform the RadSec server as to which
# domain it is requesting. This selection allows
# multiple sites to exist at the same IP address.
#
# This configuration sets the hostname sent in SNI.
#
+# hostname = example.org
+
#
# Outbound radsec requires a "tls" subsection.
#
tls {
#
# This is the *client* certificate used to connect outbound to the radsec server.
#
# It MUST be signed by a CA which is known to the radsec server.
#
certificate_file = ${certdir}/radsec-client.pem
+
private_key_file = ${certdir}/radsec-client.key
private_key_password = whatever
+
ca_path = ${cadir}
+
#
# See sites-available/tls, and the "home_server tls" subsection for more
# documentation on which configuration items are allowed here.
#
} |
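Review bot: `private_key_password = whatever` is the only site-specific secret in this template and the one value with no comment, so sites that copy the file as-is will either ship the placeholder or keep a real key password in a file created with mode 100644. Add above it `# Password protecting radsec-client.key; delete this line if the key is unencrypted.` and, in the file header next to "customized for your local system", `# This file may contain a key password: keep it readable only by the radiusd user.` The `secret = radsec` comment is right to stress the fixed RadSec shared secret, but it would help to state explicitly that the TLS handshake, not the secret, provides the authentication here, since readers coming from plain RADIUS may otherwise assume the secret needs to be changed. The commented-out `hostname` should presumably be set by each dynamic home server that includes this file; a one-line note saying so (and that no SNI is sent while it is unset) would make the override point clear — verify against the server's home_server SNI handling before asserting that.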