Ajout de la conf pour l'utilisation de certificat Let's Encrypt

2022-01-30 09:50:11 +00:00 · 2022-01-30 09:50:11 +00:00 · a19a174f19
commit a19a174f19
parent ac3118dd8d
1 changed files with 27 additions and 0 deletions
--- a/freeradius3/mods-enabled/eap
+++ b/freeradius3/mods-enabled/eap
@ -580,6 +580,33 @@ eap {
 		}
 	}

+	tls-config tls-LEcert {
+        private_key_file = ${certdir}/server.key
+        certificate_file = ${certdir}/cert.pem
+        ca_file = ${certdir}/fullchain.pem
+        dh_file = ${certdir}/dh
+        ca_path = ${cadir}
+        cipher_list = "DEFAULT"
+        cipher_server_preference = no
+        tls_min_version = "1.0"
+        tls_max_version = "1.2"
+        ecdh_curve = "prime256v1"
+
+        cache {
+            enable = yes
+            lifetime = 1 # hours
+        }
+
+        verify {
+        }
+
+        ocsp {
+            enable = no
+                override_cert_url = yes
+                url = "http://127.0.0.1/ocsp/"
+            }
+    }
+
 	## EAP-TLS
 	#
 	#  As of Version 3.0, the TLS configuration for TLS-based