Page 46 of 55
airPointâ„¢ Nexus User Configuration Guide
intelligent wireless platform
# The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Tennessee
localityName = Locality Name (eg, city)
localityName_default = Brentwood
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Helava
organizationalUnitName = Organizational Unit Name
organizationalUnitName_default = Engineering
commonName = Common Name (eg, YOUR name)
commonName_max = 64
commonName_default = HAI
emailAddress = Email Address
emailAddress_max = 40
emailAddress_default = ohb@cmcast.net
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
challengePassword_default = whatever
unstructuredName = An optional company name
---------------------------------------------------------
b. CA.all -- Update the CA.all script for your requirements. The file is located at:
/usr/src/802/radius/freeradius-snapshot-20040203/scripts
If you use the default password "whatever", you only need to verify that the path in the script points to
the installed openssl information. No changes should be necessary, but there is one gotcha. At about
line 30, the path will probably be in error. Look for the following line and update the path as needed.
echo "newreq.pem" | /usr/local/openssl/ssl/misc/CA.pl -newca
When CA.all executes, it produces nine certific ates:
root.pem, root.p12, root.der
cert-clt.pem, cert-clt.p12, cert-clt.de r
cert-srv.pem, cert-srv.p12, cert-srv.der