
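{# FreeRADIUS EAP module configuration (Jinja2 template), EAP-TLS as the default type.
   Optional variables read here: rad_tls_key_pass, rad_tls_ca, rad_tls_issuer, rad_tls_crl.
   Template tags and comments are kept at column 0 so they add no stray indentation. #}
eap {
    default_eap_type = tls
    tls-config tls-common {
{# The key passphrase is rendered in clear text, so the rendered file should be readable
   only by the RADIUS service account.
   NOTE(review): the value is unquoted; a passphrase containing whitespace or '#' may not
   parse as intended. Confirm against the passphrases actually in use. #}
{% if rad_tls_key_pass is defined %}
        private_key_password = {{ rad_tls_key_pass }}
{% endif %}
        private_key_file = /etc/radius/certs/key.pem
        certificate_file = /etc/radius/certs/cert.pem
{% if rad_tls_ca is defined %}
        ca_file = /etc/radius/certs/ca.pem
{% endif %}
        dh_file = /etc/radius/certs/dh.pem
        ca_path = /etc/radius/certs/
        ecdh_curve = "prime256v1"
{# The guard must test the same variable that is rendered. It previously tested a misspelled
   name, so check_cert_issuer was never emitted when only rad_tls_issuer was set, and the
   issuer restriction was silently missing from the TLS configuration. #}
{% if rad_tls_issuer is defined %}
        check_cert_issuer = "{{ rad_tls_issuer }}"
{% endif %}
        verify {
            tmpdir = /run/radiusd/tls
{# External client-certificate check. --crl receives rad_tls_crl unchanged when it contains an
   http:// or https:// URL (the search test is unanchored), otherwise the fixed local path.
   --issuer is wrapped in single quotes inside a double-quoted string, so an issuer value
   containing a quote character would corrupt the command line; validate it in inventory.
   NOTE(review): what rad_check_client_cert does with these options is not visible here. #}
            client = "/usr/local/bin/rad_check_client_cert --cert %{TLS-Client-Cert-Filename}{% if rad_tls_crl is defined %} --crl {{ (rad_tls_crl is search ('https?://')) | ternary(rad_tls_crl,'/etc/radius/certs/crl.pem') }}{% endif %}{% if rad_tls_issuer is defined %} --issuer '{{ rad_tls_issuer }}'{% endif %}"
        }
    }
    tls {
        tls = tls-common
    }
}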