/etc/freeradius/3.0/certs/bootstrap is in freeradius-config 3.0.16+dfsg-1ubuntu3.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 | #!/bin/sh
#
# This is a wrapper script to create default certificates when the
# server first starts in debugging mode. Once the certificates have been
# created, this file should be deleted.
#
# Ideally, this program should be run as part of the installation of any
# binary package. The installation should also ensure that the permissions
# and owners are correct for the files generated by this script.
#
# $Id: 0f719aafd4c9abcdefbf547dedb6e7312c535104 $
#
umask 027
cd `dirname $0`
make -h > /dev/null 2>&1
#
# If we have a working "make", then use it. Otherwise, run the commands
# manually.
#
if [ "$?" = "0" ]; then
make all
exit $?
fi
#
# The following commands were created by running "make -n", and edited
# to remove the trailing backslash, and to add "exit 1" after the commands.
#
# Don't edit the following text. Instead, edit the Makefile, and
# re-generate these commands.
#
if [ ! -f dh ]; then
openssl dhparam -out dh 2048 || exit 1
if [ -e /dev/urandom ] ; then
ln -sf /dev/urandom random
else
date > ./random;
fi
fi
if [ ! -f server.key ]; then
openssl req -new -out server.csr -keyout server.key -config ./server.cnf || exit 1
fi
if [ ! -f ca.key ]; then
openssl req -new -x509 -keyout ca.key -out ca.pem -days `grep default_days ca.cnf | sed 's/.*=//;s/^ *//'` -config ./ca.cnf || exit 1
fi
if [ ! -f index.txt ]; then
touch index.txt
fi
if [ ! -f serial ]; then
echo '01' > serial
fi
if [ ! -f server.crt ]; then
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf || exit 1
fi
if [ ! -f server.p12 ]; then
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
fi
if [ ! -f server.pem ]; then
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
openssl verify -CAfile ca.pem server.pem || exit 1
fi
if [ ! -f ca.der ]; then
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
fi
if [ ! -f client.key ]; then
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
fi
if [ ! -f client.crt ]; then
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
fi
|