diff -Naur freeradius-server-2.2.3/raddb/eap.conf freeradius-server-2.2.3.oden/raddb/eap.conf --- freeradius-server-2.2.3/raddb/eap.conf 2013-12-11 21:10:12.000000000 +0100 +++ freeradius-server-2.2.3.oden/raddb/eap.conf 2014-02-18 14:23:52.540598489 +0100 @@ -152,11 +152,11 @@ # # These is used to simplify later configurations. # - certdir = ${confdir}/certs - cadir = ${confdir}/certs + system_ssldir = /etc/pki/tls + local_ssldir = ${confdir}/certs - private_key_password = whatever - private_key_file = ${certdir}/server.pem + private_key_password = + private_key_file = ${system_ssldir}/private/radiusd.pem # If Private key & Certificate are located in # the same file, then private_key_file & @@ -168,7 +168,7 @@ # only the server certificate, but ALSO all # of the CA certificates used to sign the # server certificate. - certificate_file = ${certdir}/server.pem + certificate_file = ${system_ssldir}/certs/radiusd.pem # Trusted Root CA list # @@ -185,7 +185,7 @@ # not use client certificates, and you do not want # to permit EAP-TLS authentication, then delete # this configuration item. - CA_file = ${cadir}/ca.pem + CA_file = ${system_ssldir}/certs/ca-bundle.crt # # For DH cipher suites to work, you have to @@ -193,7 +193,7 @@ # # openssl dhparam -out certs/dh 1024 # - dh_file = ${certdir}/dh + dh_file = ${local_ssldir}/dh # # If your system doesn't have /dev/urandom, @@ -204,7 +204,7 @@ # write to files in its configuration # directory. # -# random_file = ${certdir}/random + random_file = ${local_ssldir}/random # # This can never exceed the size of a RADIUS @@ -235,7 +235,7 @@ # Check if intermediate CAs have been revoked. # check_all_crl = yes - CA_path = ${cadir} + CA_path = ${local_ssldir} # # If check_cert_issuer is set, the value will