#
- # This configuration entry should be deleted
- # once the server is running in a normal
- # configuration. It is here ONLY to make
- # initial deployments easier.
+ # This command creates the initial "snake oil"
+ # certificates when the server is run as root,
+ # and via "radiusd -X".
+ #
+ # As of 2.1.11, it *also* checks the server
+ # certificate for validity, including expiration.
+ # This means that radiusd will refuse to start
+ # when the certificate has expired. The alternative
+ # is to have the 802.1X clients refuse to connect
+ # when they discover the certificate has expired.
+ #
+ # Debugging client issues is hard, so it's better
+ # for the server to print out an error message,
+ # and refuse to start.
#
make_cert_command = "${certdir}/bootstrap"
# see doc/SoH.txt for more info.
# It is disabled by default.
#
- # soh = yes
+# soh = yes
#
# The SoH reply will be turned into a request which
# can be sent to a specific virtual server:
#
- # soh_virtual_server = "soh-server"
+# soh_virtual_server = "soh-server"
}
#