diff -Naur freeradius-server-2.2.3/raddb/eap.conf freeradius-server-2.2.3.oden/raddb/eap.conf
--- freeradius-server-2.2.3/raddb/eap.conf	2013-12-11 21:10:12.000000000 +0100
+++ freeradius-server-2.2.3.oden/raddb/eap.conf	2014-02-18 14:23:52.540598489 +0100
@@ -152,11 +152,11 @@
 			#
 			#  These is used to simplify later configurations.
 			#
-			certdir = ${confdir}/certs
-			cadir = ${confdir}/certs
+			system_ssldir = /etc/pki/tls
+			local_ssldir = ${confdir}/certs
 
-			private_key_password = whatever
-			private_key_file = ${certdir}/server.pem
+			private_key_password = 
+			private_key_file = ${system_ssldir}/private/radiusd.pem
 
 			#  If Private key & Certificate are located in
 			#  the same file, then private_key_file &
@@ -168,7 +168,7 @@
 			#  only the server certificate, but ALSO all
 			#  of the CA certificates used to sign the
 			#  server certificate.
-			certificate_file = ${certdir}/server.pem
+			certificate_file = ${system_ssldir}/certs/radiusd.pem
 
 			#  Trusted Root CA list
 			#
@@ -185,7 +185,7 @@
 			#  not use client certificates, and you do not want
 			#  to permit EAP-TLS authentication, then delete
 			#  this configuration item.
-			CA_file = ${cadir}/ca.pem
+			CA_file = ${system_ssldir}/certs/ca-bundle.crt
 
 			#
 			#  For DH cipher suites to work, you have to
@@ -193,7 +193,7 @@
 			#
 			#  	openssl dhparam -out certs/dh 1024
 			#
-			dh_file = ${certdir}/dh
+			dh_file = ${local_ssldir}/dh
 
 			#
 			#  If your system doesn't have /dev/urandom,
@@ -204,7 +204,7 @@
 			#  write to files in its configuration
 			#  directory.
 			#
-#			random_file = ${certdir}/random
+			random_file = ${local_ssldir}/random
 
 			#
 			#  This can never exceed the size of a RADIUS
@@ -235,7 +235,7 @@
 			# Check if intermediate CAs have been revoked.
 		#	check_all_crl = yes
 
-			CA_path = ${cadir}
+			CA_path = ${local_ssldir}
 
 		       #
 		       #  If check_cert_issuer is set, the value will