{"id":10547,"date":"2025-05-06T22:23:52","date_gmt":"2025-05-06T13:23:52","guid":{"rendered":"https:\/\/y2tech.net\/blog\/?p=10547"},"modified":"2026-01-19T15:57:32","modified_gmt":"2026-01-19T06:57:32","slug":"authenticated-vlan-with-aruba-instant-on-3","status":"publish","type":"post","link":"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-3-10547\/","title":{"rendered":"Implementing an authenticated VLAN with Aruba APs #3 (setting up self-signed certificates)"},"content":{"rendered":"<hr \/>\r\n<h4>&#8220;Implementing an authenticated VLAN with Aruba APs&#8221; index<\/h4>\r\n<br>\r\n<ul>\r\n<li><a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-1-10315\/\" target=\"_blank\">#1 Overview of Instant On<\/a><\/li>\r\n<li><a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-2-10369\/\" target=\"_blank\">#2 Integrating with a RADIUS server<\/a><\/li>\r\n<li>#3 Setting up self-signed certificates<\/li>\r\n<li><a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-4-10577\/\" target=\"_blank\">#4 Authentication with EAP-PEAP<\/a><\/li>\r\n<li><a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-5-10604\/\" target=\"_blank\">#5 Integrating the AP with the RADIUS server<\/a><\/li>\r\n<li><a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-6-10665\/\" target=\"_blank\">#6 Implementing the authenticated VLAN<\/a><\/li>\r\n<li><a 
href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-7-10685\/\" target=\"_blank\">#7 Integrating with LDAP<\/a><\/li>\r\n<\/ul>\r\n<hr \/>\r\n\r\n<h3>Creating a private certificate authority (self-signed CA) and issuing server and client certificates<\/h3>\r\n<br>\r\n<p>In this installment the client PC and the RADIUS server perform EAP authentication (802.1X), and the main protocol used is PEAP (MS-CHAPv2), which is easy to implement and has a reasonably long track record. In PEAP the EAP exchange is carried out encrypted by TLS. This encrypted channel requires a PKI certificate (for PEAP, a server certificate).<\/p>\r\n<br>\r\n<p>The relationship between the PKI certificates used by the representative EAP methods (EAP-PEAP, EAP-TLS) can be sketched as follows.<\/p>\r\n<br>\r\n<div style=\"width: 100%; margin: 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/EAP-Authentication.png\" alt=\"EAP Authentication \" width=\"573\" height=\"752\" class=\"size-full wp-image-10639\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/EAP-Authentication.png 573w, 
https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/EAP-Authentication-488x640.png 488w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/EAP-Authentication-244x320.png 244w\" sizes=\"auto, (max-width: 573px) 100vw, 573px\" \/>\r\n<br>\r\n<span>Trust relationships among the certificates used by the EAP methods (EAP-PEAP, EAP-TLS)<\/span>\r\n<br>\r\n<\/div>\r\n<br>\r\n<p>If you deploy commercial server certificates, the certificate authority is operated and managed strictly, so on the user side you only have to install the issued certificates on client devices and servers. These services are, however, run by private companies, and some vendors are sloppy about management and operation, so if you go with commercial certificates the safe choice is a reputable, major commercial service.<\/p>\r\n<br>\r\n
<p>For certificates issued by public bodies such as national or local governments, one would like to believe that operations are especially strict, but in most cases these bodies hand operation and management over wholesale to a contracted private vendor, so the actual state of operations is anyone's guess. Giving something a dubious name like &#8220;My ○○○○ Card&#8221; to divert the public's attention is a standard trick of crooked politicians (or should they be called fixers for vested interests?) and petty bureaucrats.<\/p>\r\n<p>Needless to say, the &#8220;My&#8221; in &#8220;My ○○○○ Card&#8221; is not your &#8220;My&#8221; but the &#8220;My&#8221; of those in power.<\/p>\r\n<br>\r\n
<p>Major players such as Apple, Google and Microsoft are becoming steadily stricter about how PKI certificates are operated and handled, and end users also need to keep a constant eye on this tightening of the rules. (Reference: <a href=\"https:\/\/www.cybertrust.co.jp\/blog\/ssl\/validity-period-shortening.html\" target=\"_blank\">&#8220;Maximum validity period to become 47 days in 2029! Background to the shortening, and challenges and countermeasures for SSL\/TLS server certificates&#8221;<\/a>, cybertrust BLOG)<\/p>\r\n<br>\r\n<br>\r\n<h4>Setting up a private CA with FreeRADIUS<\/h4>\r\n<br>\r\n<p>FreeRADIUS ships with script files and a Makefile that make it easy to stand up a private CA, so that users can issue these PKI certificates themselves. Here we use FreeRADIUS's private CA creation tools. The private CA could of course be run on a machine other than the RADIUS server being built here, but for a test setup like this one it is fine for it to share the RADIUS server.<\/p>\r\n<br>\r\n<p>FreeRADIUS's PKI certificate configuration files are placed under &#8220;\/etc\/raddb\/certs&#8221;. The &#8220;README&#8221; file describes the procedure for issuing each kind of certificate, so it is a good idea to follow that document while issuing certificates.<\/p>\r\n<br>\r\n
<p>The first thing to do is set up the certificate authority that vouches for the certificates. The CA's configuration file is &#8220;ca.cnf&#8221;; edit the pre-filled entries to suit your own environment. The certificate validity period is short, at 30 days, so change it to a period that is easy for you to manage. Because this is a private CA you can set any period you like, but too long a period is a security problem, so one to a few years is realistic. Likewise, set the update interval of the revocation list appropriately. In a company, a departing employee can be put on the revocation list to revoke their certificate, but if this interval is too long the certificate stays unrevoked for some time after they leave, so take care.<\/p>\r\n<br>\r\n<p>To run a private CA properly in a company, the certificate revocation list (CRL) must be configured correctly, but given the operational effort, maintaining and managing this list is hard. Since this is a self-signed CA for home use, we configure the EAP authentication settings file not to check the certificates' CRL information.<\/p>\r\n<br>\r\n<h4>Creating the certificate authority<\/h4>\r\n<br>\r\n<pre><code class=\"language-Markup\" style=\"height: 600px;\">\r\n\r\n[root@nsauth6 certs]# pwd\r\n\/etc\/raddb\/certs\r\n\r\n[root@nsauth6 certs]# ls -la\r\ntotal 80\r\ndrwxrwx---. 2 root radiusd 4096 May  6 21:36 .\r\ndrwxr-xr-x. 9 root radiusd 4096 May  6 19:00 ..\r\n-rw-r-----. 1 root radiusd 6739 Nov 13 01:30 Makefile\r\n-rw-r-----. 1 root radiusd 8876 Nov 13 01:30 README\r\n-rwxr-x---. 
1 root radiusd 2940 Nov 13 01:30 bootstrap\r\n-rw-r-----  1 root radiusd 1421 May  6 21:19 ca.cnf\r\n-rw-r-----  1 root radiusd 1432 May  6 14:12 ca.cnf.org\r\n-rw-r-----  1 root radiusd 1096 May  6 21:20 client.cnf\r\n-rw-r-----  1 root radiusd 1103 May  6 14:12 client.cnf.org\r\n-rw-r-----  1 root radiusd 1121 May  6 21:16 inner-server.cnf\r\n-rw-r-----  1 root radiusd 1131 May  6 21:12 inner-server.cnf.org\r\n-rw-r--r--  1 root radiusd  164 May  6 21:26 passwords.mk\r\n-rw-r--r--  1 root radiusd  166 May  6 16:11 passwords.mk.org\r\n-rw-r-----  1 root radiusd 1618 May  6 21:22 server.cnf\r\n-rw-r-----  1 root radiusd 1627 May  6 14:12 server.cnf.org\r\n-rw-r-----  1 root radiusd 3048 May  6 21:36 xpextensions\r\n-rw-r-----  1 root radiusd 3046 May  6 21:32 xpextensions.org\r\n[root@nsauth6 certs]# \r\n\r\n\u3010\"\/etc\/raddb\/certs\/ca.cnf\" \u3011\r\n\r\n[ ca ]\r\ndefault_ca\t\t= CA_default\r\n\r\n[ CA_default ]\r\ndir\t\t\t= .\/\r\ncerts\t\t\t= $dir\r\ncrl_dir\t\t\t= $dir\/crl\r\ndatabase\t\t= $dir\/index.txt\r\nnew_certs_dir\t\t= $dir\r\ncertificate\t\t= $dir\/ca.pem\r\nserial\t\t\t= $dir\/serial\r\ncrl\t\t\t= $dir\/crl.pem\r\nprivate_key\t\t= $dir\/ca.key\r\nRANDFILE\t\t= $dir\/.rand\r\nname_opt\t\t= ca_default\r\ncert_opt\t\t= ca_default\r\ndefault_days\t\t= 60                <=== certificate validity period (days)\r\ndefault_crl_days\t= 30                <=== certificate revocation check interval (days)\r\ndefault_md\t\t= sha256\r\npreserve\t\t= no\r\npolicy\t\t\t= policy_match\r\ncrlDistributionPoints\t= URI:http:\/\/www.example.org\/example_ca.crl  <=== URL of the certificate revocation list\r\n\r\n[ policy_match ]\r\ncountryName\t\t= match\r\nstateOrProvinceName\t= match\r\norganizationName\t= match\r\norganizationalUnitName\t= optional\r\ncommonName\t\t= supplied\r\nemailAddress\t\t= optional\r\n\r\n[ policy_anything ]\r\ncountryName\t\t= 
optional\r\nstateOrProvinceName\t= optional\r\nlocalityName\t\t= optional\r\norganizationName\t= optional\r\norganizationalUnitName\t= optional\r\ncommonName\t\t= supplied\r\nemailAddress\t\t= optional\r\n\r\n[ req ]\r\nprompt\t\t\t= no\r\ndistinguished_name\t= certificate_authority\r\ndefault_bits\t\t= 2048\r\ninput_password\t\t= whatever\r\noutput_password\t\t= whatever\r\nx509_extensions\t\t= v3_ca\r\n\r\n[certificate_authority]\r\ncountryName\t\t= FR                                <=== CA information (country)\r\nstateOrProvinceName\t= Radius                            <=== (state or prefecture)\r\nlocalityName\t\t= Somewhere                         <=== (county, city, town or village)\r\norganizationName\t= Example Inc.                      <=== (organization or department)\r\nemailAddress\t\t= admin@example.org                 <=== (administrative e-mail address, etc.)\r\ncommonName\t\t= \"Example Certificate Authority\"  <=== (name of the CA)\r\n\r\n[v3_ca]\r\nsubjectKeyIdentifier\t= hash\r\nauthorityKeyIdentifier\t= keyid:always,issuer:always\r\nbasicConstraints\t= critical,CA:true\r\ncrlDistributionPoints\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>Once the \"ca.cnf\" file is configured, the CA is created by running make according to the contents of the \"Makefile\", which executes the series of steps that build it; before doing so, set the certificate revocation URL in \"xpextensions\".<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n\u3010\"\/etc\/raddb\/certs\/xpextensions\"\u3011\r\n\r\n#\r\n#  
File containing the OIDs required for Windows\r\n#  and iOS\r\n#\r\n#  http:\/\/support.microsoft.com\/kb\/814394\/en-us\r\n#\r\n#  https:\/\/support.apple.com\/en-us\/HT210176\r\n#\r\n[ xpclient_ext]\r\nextendedKeyUsage = 1.3.6.1.5.5.7.3.2\r\ncrlDistributionPoints = URI:http:\/\/www.example.com\/example_ca.crl  <=== URL of the certificate revocation list\r\n\r\n[ xpserver_ext]\r\nextendedKeyUsage = 1.3.6.1.5.5.7.3.1\r\ncrlDistributionPoints = URI:http:\/\/www.example.com\/example_ca.crl  <=== URL of the certificate revocation list\r\n\r\n# Enterprise Wi-Fi clients from 2020 onwards which have the\r\n# Wi-Fi Certified WPA3 Release 2 (December 2019) certification \r\n# honour the following two policies for enhanced security \r\n# posture regarding certificate validation:\r\n#\r\n \r\n ...\r\n\r\n<\/code><\/pre>\r\n<br>\r\n<p>If creating the CA or any of the certificates fails, fix the configuration files and delete the working files.<br>\r\n<br>\r\n\u3000\u3000\u3000\u3000rm -f  *.pem  *.der  *.csr  *.crt *.key  *.p12  serial*  index.txt*   \r\n<br>\r\n<\/p>\r\n<br>\r\n\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@nsauth6 certs]# make ca.pem     <=== create the CA\r\n\r\n[root@nsauth6 certs]# make ca.pem\r\nmake[1]: Entering directory '\/etc\/raddb\/certs'\r\nmake[1]: Leaving directory '\/etc\/raddb\/certs'\r\nmake[1]: Entering directory '\/etc\/raddb\/certs'\r\nmake[1]: Leaving directory '\/etc\/raddb\/certs'\r\nopenssl req -new -x509 -keyout ca.key -out ca.pem \\\r\n\t-days '360' -config .\/ca.cnf \\\r\n\t-passin pass:'whatever' -passout pass:'whatever' -noenc\r\n.......+......+.........+........+.........+++++++++++++++++++++++++++++++++++++++*..+..+.+..+......+.+.....\r\n\r\n 
...\r\n\r\n......+...+..+...+.......+...++++++\r\n-----\r\nchmod g+r ca.key\r\nchown root:radiusd ca.*\r\nchmod 640 ca.*\r\n[root@nsauth6 certs]# \r\n\r\nroot@nsauth6 certs]# ls -la\r\ntotal 92\r\ndrwxrwx---. 2 root radiusd 4096 May  6 21:45 .\r\ndrwxr-xr-x. 9 root radiusd 4096 May  6 19:00 ..\r\n-rw-r-----. 1 root radiusd 6739 Nov 13 01:30 Makefile\r\n-rw-r-----. 1 root radiusd 8876 Nov 13 01:30 README\r\n-rwxr-x---. 1 root radiusd 2940 Nov 13 01:30 bootstrap\r\n-rw-r-----  1 root radiusd 1421 May  6 21:19 ca.cnf\r\n-rw-r-----  1 root radiusd 1432 May  6 14:12 ca.cnf.org\r\n-rw-r-----  1 root radiusd 1704 May  6 21:45 ca.key\r\n-rw-r-----  1 root radiusd 1684 May  6 21:45 ca.pem\r\n-rw-r-----  1 root radiusd 1096 May  6 21:20 client.cnf\r\n-rw-r-----  1 root radiusd 1103 May  6 14:12 client.cnf.org\r\n-rw-r--r--  1 root root       0 May  6 21:45 index.txt\r\n-rw-r-----  1 root radiusd 1121 May  6 21:16 inner-server.cnf\r\n-rw-r-----  1 root radiusd 1131 May  6 21:12 inner-server.cnf.org\r\n-rw-r--r--  1 root radiusd  164 May  6 21:26 passwords.mk\r\n-rw-r--r--  1 root radiusd  166 May  6 16:11 passwords.mk.org\r\n-rw-r--r--  1 root root       3 May  6 21:45 serial\r\n-rw-r-----  1 root radiusd 1618 May  6 21:22 server.cnf\r\n-rw-r-----  1 root radiusd 1627 May  6 14:12 server.cnf.org\r\n-rw-r-----  1 root radiusd 3048 May  6 21:36 xpextensions\r\n-rw-r-----  1 root radiusd 3046 May  6 21:32 xpextensions.org\r\n[root@nsauth6 certs]# cat serial\r\n01\r\n[root@nsauth6 certs]# \r\n\r\n[root@nsauth6 certs]# cat ca.key\r\n-----BEGIN PRIVATE KEY-----\r\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCx3FXvuOylK79Y\r\nsH9zgXdYMt8GM86lq4XWnV2DRFIjDDh3PqMv8Ovls0GVl04NOT8EkNqf\/tZ3aLRR\r\nXMhPxNI4gr\/FGaqdXbkdS86zj\/0vFQj+BpZRogykSt05I6kOgsU0NA2CIO8TEZub\r\n\r\n 
...\r\n\r\n7UBkk3NYFApKgQ9SwdCA4VbzqtHCPGpPFGCCzPthAoGAZlAUJxnaslC2GCD7YqKi\r\naDcypS+RcjGUqIhaoxXwW31ILVsr89uePpajMxoa\/6gTPua8JrolcNbaju1OVnGZ\r\n6wTII9KHaItOsCuoMeWp\/keZDlpB2PuEn00RFcBdHoj0s+eTA3XWAi4\/7a9N9irX\r\nfYY0vfuDf4cLEV6lKQsTN78=\r\n-----END PRIVATE KEY-----\r\n\r\n[root@nsauth6 certs]# cat ca.pem  \r\n-----BEGIN CERTIFICATE-----\r\nMIIErTCCA5WgAwIBAgIUPWigtEFpnUh90pY7u\/zHUWuQDMUwDQYJKoZIhvcNAQEL\r\nBQAweTELMAkGA1UEBhMCSlAxETAPBgNVBAgMCEthbmFnYXdhMREwDwYDVQQHDAhZ\r\nb2tvaGFtYTEPMA0GA1UECgwGWTJUZWNoMR8wHQYJKoZIhvcNAQkBFhBhZG1pbkB5\r\n\r\n ...\r\n\r\nvBb+0sXwmWnVd6rts\/j40spp6wLq+k9MWCMpBaSlYUNXrThUsu9IWBrIdv6LBvu\r\nLEO9FLyKZqleCdbHHNoRKN97rTJ9LqeAfLNeyCLCzN4jgu\/GqL\/0E2yhjkCx3stl\r\n0B+dTIa6pEe9iMsXt4gQPT1FMYpcSDHxKyMbHTj7zUuCvcrS7PkHFp6qQH3u4kde\r\nEw==\r\n-----END CERTIFICATE-----\r\n[root@nsauth6 certs]# \r\n\r\n<\/code><\/pre>\r\n<br>\r\n<p>As the output messages show, \"make ca.pem\" simply runs the openssl command. If you have gone through the procedure of issuing server certificates before, you could just as well carry out these steps by hand without using make.<\/p>\r\n<br>\r\n<br>\r\n<h5>Creating the server certificate<\/h5>\r\n<br>\r\n
<p>The configuration file for issuing the server certificate is \"\/etc\/raddb\/certs\/server.cnf\"; as with the CA, adjust the necessary entries such as the validity period. The \"commonName\" entry in the [server] section holds the name of the server. For a web server certificate this must be the site's FQDN, but since this is not a web server it does not have to be an FQDN. In general, though, it is safest to put the RADIUS server's FQDN in \"commonName\".<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@nsauth6 certs]# make server.pem   <=== issue the server certificate\r\nopenssl req -new  -out server.csr -keyout server.key -config .\/server.cnf -noenc\r\n...........+...+...+..+.+.....+.+....\r\n\r\n ...\r\n\r\n+......+......+.+..............++++++\r\n-----\r\nchmod g+r server.key\r\nopenssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr  -key 'whatever' -out server.crt -extensions xpserver_ext -extfile xpextensions -config .\/server.cnf\r\nUsing configuration from .\/server.cnf\r\nCheck that the request matches the signature\r\nSignature ok\r\nCertificate Details:\r\n        Serial Number: 1 (0x1)\r\n        Validity\r\n            Not Before: May  6 12:47:33 2025 GMT\r\n            Not After : May  1 12:47:33 2026 GMT\r\n        Subject:\r\n            countryName               = JP\r\n            stateOrProvinceName       = Kanagawa\r\n            organizationName          = Y2Tech\r\n            commonName                = auth.vl100.home.yoko\r\n            emailAddress              = admin@xxxx.yyyy\r\n        X509v3 extensions:\r\n            X509v3 Extended Key Usage: \r\n                TLS Web Server Authentication\r\n            X509v3 CRL Distribution Points: \r\n                Full Name:\r\n                  
URI:https:\/\/auth.vl100.home.yoko\/y2ca\/y2_ca.crl\r\n            X509v3 Certificate Policies: \r\n                Policy: 1.3.6.1.4.1.40808.1.3.2\r\nCertificate is to be certified until May  1 12:47:33 2026 GMT (360 days)\r\n\r\nWrite out database with 1 new entries\r\nDatabase updated\r\nopenssl pkcs12 -export -in server.crt -inkey server.key -out server.p12  -passin pass:'whatever' -passout pass:'whatever'\r\nchmod g+r server.p12\r\nopenssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'\r\nchmod g+r server.pem\r\nchown root:radiusd server.*\r\nchmod 640 server.*\r\n\r\n[root@nsauth6 certs]# ls -la\r\ntotal 136\r\ndrwxrwx---. 2 root radiusd 4096 May  6 21:47 .\r\ndrwxr-xr-x. 9 root radiusd 4096 May  6 19:00 ..\r\n-rw-r--r--  1 root root    4804 May  6 21:47 01.pem\r\n-rw-r-----. 1 root radiusd 6739 Nov 13 01:30 Makefile\r\n-rw-r-----. 1 root radiusd 8876 Nov 13 01:30 README\r\n-rwxr-x---. 1 root radiusd 2940 Nov 13 01:30 bootstrap\r\n-rw-r-----  1 root radiusd 1421 May  6 21:19 ca.cnf\r\n-rw-r-----  1 root radiusd 1432 May  6 14:12 ca.cnf.org\r\n-rw-r-----  1 root radiusd 1704 May  6 21:45 ca.key\r\n-rw-r-----  1 root radiusd 1684 May  6 21:45 ca.pem\r\n-rw-r-----  1 root radiusd 1096 May  6 21:20 client.cnf\r\n-rw-r-----  1 root radiusd 1103 May  6 14:12 client.cnf.org\r\n-rw-r--r--  1 root root     109 May  6 21:47 index.txt\r\n-rw-r--r--  1 root root      21 May  6 21:47 index.txt.attr\r\n-rw-r--r--  1 root root       0 May  6 21:45 index.txt.old\r\n-rw-r-----  1 root radiusd 1121 May  6 21:16 inner-server.cnf\r\n-rw-r-----  1 root radiusd 1131 May  6 21:12 inner-server.cnf.org\r\n-rw-r--r--  1 root radiusd  164 May  6 21:26 passwords.mk\r\n-rw-r--r--  1 root radiusd  166 May  6 16:11 passwords.mk.org\r\n-rw-r--r--  1 root root       3 May  6 21:47 serial\r\n-rw-r--r--  1 root root       3 May  6 21:45 serial.old\r\n-rw-r-----  1 root radiusd 1618 May  6 21:22 server.cnf\r\n-rw-r-----  1 root radiusd 1627 May  6 14:12 
server.cnf.org\r\n-rw-r-----  1 root radiusd 4804 May  6 21:47 server.crt\r\n-rw-r-----  1 root radiusd 1184 May  6 21:47 server.csr\r\n-rw-r-----  1 root radiusd 1704 May  6 21:47 server.key\r\n-rw-r-----  1 root radiusd 2803 May  6 21:47 server.p12\r\n-rw-r-----  1 root radiusd 3758 May  6 21:47 server.pem\r\n-rw-r-----  1 root radiusd 3048 May  6 21:36 xpextensions\r\n-rw-r-----  1 root radiusd 3046 May  6 21:32 xpextensions.org\r\n[root@nsauth6 certs]# \r\n[root@nsauth6 certs]# cat server.key\r\n-----BEGIN PRIVATE KEY-----\r\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHYg7yrij1T\/O3\r\nARPzO2wd14yf5p0CMygI+2jVoW+DYwByduchgIVtk0LypdGPR6FEnPsa07il34xe\r\nBD6RR+AoE+fLNixkiuvbtbgGfO6IFqa3prUcOEf\/0eEg3AlMVcQflylrIokqHmUW\r\n\r\n  ...\r\n\r\nm3x0zETKHc4C6K2fK8DpOVHi73mkDp3DzYEGb122cApVJcDPSnms0PgP5usDOxVU\r\nyK\/cGyxaCyAhUnD\/sMOEpTknUPqo1FO6EzJbKrG4bMrJII1XURh4zfCk0GPJuTo\/\r\nT+3DfEoQe4q+CK5CVW3uKA==\r\n-----END PRIVATE KEY-----\r\n[root@nsauth6 certs]# cat server.pem\r\nBag Attributes\r\n    localKeyID: 8A E1 94 44 E9 AA AD 26 2E CE 5E 96 44 A4 5C C7 3F 2D 5E 4B \r\nsubject=C=JP, ST=Kanagawa, O=Y2Tech, CN=auth.vl100.home.yoko, emailAddress=admin@xxxx.yyyy\r\nissuer=C=JP, ST=Kanagawa, L=Yokohama, O=Y2Tech, emailAddress=admin@xxxx.yyyy, CN=Y2Tech CA\r\n-----BEGIN CERTIFICATE-----\r\nMIIEETCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJKUDER\r\nMA8GA1UECAwIS2FuYWdhd2ExETAPBgNVBAcMCFlva29oYW1hMQ8wDQYDVQQKDAZZ\r\nMlRlY2gxHzAdBgkqhkiG9w0BCQEWEGFkbWluQHkydGVjaC5uZXQxEjAQBgNVBAMM\r\n\r\n ... 
\r\n\r\nCrv2VI2GhmqiCIrexUUKEsx\/BtI1o8TeSXwFd2ldHxUv8WUQEgJSQEISM2u7+4C6\r\nJsiCbSNGtYmYQeKcQobJL0ujMfcZBxdilOz9QQEjy\/5\/CeLUlm2geFsb2OSvSzgK\r\n1\/PHIv1kwpNHWqJFzMFIxt3TuSfL66THkQrQl6JAhozuEZA6nW955Vs4nWmTBEBd\r\n\/9mouDiveRS+74UE7Z9cjC58esugXT1pn+wD4mUdbeeYy5gPeg==\r\n-----END CERTIFICATE-----\r\nBag Attributes\r\n    localKeyID: 8A E1 94 44 E9 AA AD 26 2E CE 5E 96 44 A4 5C C7 3F 2D 5E 4B \r\nKey Attributes: <No Attributes>\r\n-----BEGIN ENCRYPTED PRIVATE KEY-----\r\nMIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQxZ16\/OYd7Z7Ql9T3\r\nsaPE8AICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEMgjfIyjDnZSSHQ3\r\nntqDZSIEggTQtHn9V2dQ\/PvSG2GC3YeMNepzlHFZOF7W9dAoNqU4cNk\/6\/6koMOs\r\n6sV8nUGQpay26SlfKjww+MGg+g2QJGbs3H5N5NzKEFont0p7BEJhpXcN\/APt9bUR\r\n\r\n ...\r\n\r\njmoEL+6kk3lAOoagczww0m\/dm8ypCPe\/OZG22Hbm3+g\/nsUaUQJHT8DpOgGernV8\r\nFqNVeFzG8Pewe+BtP+yhvmxEdAkvwOlnkjyW876jBfmJznt9Hv5CI5XsGJYDIuRS\r\nsT9RmUIQSi+7gl2sLOw\/EPybfN7Rcr2vy2IQ9RiF8nqmvQ6DEPxicoprHM3nmSPL\r\noJcSowuf89cebL00oVFsKwgu4Z+6zTCNQYX50w0hxjgLIqWwmx0A9ww=\r\n-----END ENCRYPTED PRIVATE KEY-----\r\n<\/code><\/pre>\r\n<br>\r\n<p>For \"make server.pem\" too, the log output confirms that it runs a series of openssl commands.<\/p>\r\n<br>\r\n<p>Because the MS-CHAP (PEAP) method is used this time, there is no need to issue client certificates; if you adopt EAP-TLS instead, you can issue a client certificate in the same way by running \"make client.pem\".<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[root@nsauth6 certs]# make 
client.pem\r\nopenssl req -new  -out client.csr -keyout client.key -config .\/client.cnf -noenc\r\n.....+...........+..........+.....+................+......+..+.+..+++++++++++++++++++++++++++++++++++++++*...+++++++++++++++\r\n\r\n...\r\n\r\n...+...+.........+..+.+..+......+...................+..++++++\r\n-----\r\nchmod g+r client.key\r\nopenssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config .\/client.cnf\r\nUsing configuration from .\/client.cnf\r\nCheck that the request matches the signature\r\nSignature ok\r\nCertificate Details:\r\n        Serial Number: 2 (0x2)\r\n        Validity\r\n            Not Before: May  6 13:01:11 2025 GMT\r\n            Not After : May  1 13:01:11 2026 GMT\r\n        Subject:\r\n            countryName               = JP\r\n            stateOrProvinceName       = Kanagawa\r\n            organizationName          = Y2Tech\r\n            commonName                = nanashi@y2tech.net\r\n            emailAddress              = nanashi@y2tech.net\r\n        X509v3 extensions:\r\n            X509v3 Extended Key Usage: \r\n                TLS Web Client Authentication\r\n            X509v3 CRL Distribution Points: \r\n                Full Name:\r\n                  URI:https:\/\/auth.vl100.home.yoko\/y2ca\/y2_ca.crl\r\nCertificate is to be certified until May  1 13:01:11 2026 GMT (360 days)\r\n\r\nWrite out database with 1 new entries\r\nDatabase updated\r\nopenssl pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:'whatever' -passout pass:'whatever'\r\nchmod g+r client.p12\r\nopenssl pkcs12 -in client.p12 -out client.pem -passin pass:'whatever' -passout pass:'whatever'\r\nchmod g+r client.pem\r\ncp client.pem 'y2@y2tech.net'.pem\r\nchown root:radiusd client.*\r\nchmod 640 client.*\r\n[root@nsauth6 certs]# \r\n\r\n[root@nsauth6 certs]# cat client.crt\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        
Serial Number: 2 (0x2)\r\n        Signature Algorithm: sha256WithRSAEncryption\r\n        Issuer: C=JP, ST=Kanagawa, L=Yokohama, O=Y2Tech\/emailAddress=admin@y2tech.net, CN=Y2Tech CA\r\n        Validity\r\n            Not Before: May  6 13:01:11 2025 GMT\r\n            Not After : May  1 13:01:11 2026 GMT\r\n        Subject: C=JP, ST=Kanagawa, O=Y2Tech, CN=nanashi@y2tech.net\/emailAddress=nanashi@y2tech.net\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (2048 bit)\r\n                Modulus:\r\n                    00:93:6e:71:61:c7:33:7d:f5:23:9f:61:0c:49:19:\r\n                    8a:7a:ec:96:72:5e:7b:fc:11:fe:0f:ce:bd:02:a1:\r\n                    51:d9:a6:41:4c:da:78:e4:95:91:00:2b:21:e2:e7:\r\n                    73:0c:04:f3:32:eb:66:a3:cf:17:66:0b:e0:25:b8:\r\n                    2c:8f:83:3c:e6:25:03:fe:f2:54:5b:af:6c:14:ac:\r\n                    8c:aa:09:68:f2:36:d0:e9:c7:a1:e6:0a:ec:ac:20:\r\n                    51:1b:41:e1:73:87:6e:f9:82:b4:bb:37:6e:e4:63:\r\n                    dc:e4:7e:60:2d:f5:59:15:4b:fc:42:5d:f0:84:56:\r\n                    78:3e:70:25:2a:b9:58:99:7f:dd:54:a2:c1:75:5b:\r\n                    92:34:fb:fa:39:e9:dd:fd:48:54:62:fe:0b:ea:c3:\r\n                    58:7c:a6:74:f1:6f:2b:f9:0d:79:86:29:01:ff:b2:\r\n                    9a:f6:fa:a8:b5:22:8a:18:f4:f1:04:b0:74:de:f8:\r\n                    8c:39:c5:50:d5:21:a4:93:2a:98:c7:75:0c:72:6d:\r\n                    42:3e:f2:b8:f9:17:ca:4d:ce:dc:ed:91:c6:3d:fa:\r\n                    7e:8d:ce:b3:e3:f7:c2:91:2e:b8:b8:b0:0b:e8:08:\r\n                    f0:3c:ce:0b:87:f8:30:f1:75:19:8f:4a:6e:b6:8e:\r\n                    14:a2:29:c6:f1:48:b3:d8:f9:2e:d0:77:6c:9e:75:\r\n                    2d:39\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Extended Key Usage: \r\n                TLS Web Client Authentication\r\n            X509v3 CRL Distribution Points: \r\n            
    Full Name:\r\n                  URI:https:\/\/auth.vl100.home.yoko\/y2ca\/y2_ca.crl\r\n            X509v3 Subject Key Identifier: \r\n                BF:32:DF:77:4B:CF:9D:B8:71:A9:BC:E4:65:69:2C:F3:28:4B:81:43\r\n            X509v3 Authority Key Identifier: \r\n                DC:A1:19:DC:B4:F8:90:10:76:25:86:BE:B5:14:16:56:A3:97:07:82\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n    Signature Value:\r\n        c0:ed:58:64:f3:45:38:35:3a:2b:7d:ea:07:7d:7a:1a:b7:37:\r\n        26:b2:8c:16:7b:44:8d:bb:8c:17:4a:5f:0b:09:eb:dc:7f:21:\r\n        e6:84:f2:55:71:02:f7:5c:57:9b:7d:c4:c7:69:53:68:72:95:\r\n        8c:52:fc:df:7a:f4:d1:b0:ca:81:98:5a:2b:88:c2:eb:cb:26:\r\n        a5:f1:48:03:13:36:aa:e6:ab:db:26:dd:bf:a8:48:dd:33:75:\r\n        a4:15:5d:a5:08:c8:8e:da:71:a8:f4:85:8e:d9:ef:9f:9d:77:\r\n        3d:0d:8f:63:2b:db:70:ef:6d:bb:01:e6:53:98:11:43:65:62:\r\n        55:50:73:84:65:71:cf:25:67:5c:58:8f:2a:5f:25:84:05:90:\r\n        9c:89:f6:0a:33:3a:a3:36:40:1d:73:72:7f:56:37:24:48:5a:\r\n        12:d1:a6:38:e3:bb:b9:d1:c4:80:54:80:6d:49:ab:06:bf:3d:\r\n        4f:96:4c:b7:d2:e6:7e:67:62:aa:08:81:ff:98:26:4c:bf:27:\r\n        4e:0b:f3:dd:9e:f7:e7:3c:27:33:4a:13:6b:6c:69:d6:57:dc:\r\n        da:eb:77:ed:c0:3e:ee:df:0d:4d:6a:7f:2a:99:6c:26:f4:24:\r\n        cf:1f:84:ec:7b:1d:8f:13:b7:3a:b6:df:fc:04:33:c7:72:bd:\r\n        5b:dc:c0:39\r\n-----BEGIN CERTIFICATE-----\r\nMIID8jCCAtqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJKUDER\r\nMA8GA1UECAwIS2FuYWdhd2ExETAPBgNVBAcMCFlva29oYW1hMQ8wDQYDVQQKDAZZ\r\n\r\n ...\r\n\r\nnvfnPCczShNrbGnWV9za63ftwD7u3w1Nan8qmWwm9CTPH4Tsex2PE7c6tt\/8BDPH\r\ncr1b3MA5\r\n-----END CERTIFICATE-----\r\n\r\n\r\n[root@nsauth6 certs]# cat client.pem\r\nBag Attributes\r\n    localKeyID: 1D EB 5D 7E 2D A6 7D E2 CA 45 0D C1 8F 11 99 4B 62 7B 4F 32 \r\nsubject=C=JP, ST=Kanagawa, O=Y2Tech, CN=nanashi@y2tech.net, emailAddress=nanashi@y2tech.net\r\nissuer=C=JP, ST=Kanagawa, L=Yokohama, O=Y2Tech, emailAddress=admin@y2tech.net, CN=Y2Tech 
CA\r\n-----BEGIN CERTIFICATE-----\r\nMIID8jCCAtqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJKUDER\r\nMA8GA1UECAwIS2FuYWdhd2ExETAPBgNVBAcMCFlva29oYW1hMQ8wDQYDVQQKDAZZ\r\n\r\n  ...\r\n\r\nnvfnPCczShNrbGnWV9za63ftwD7u3w1Nan8qmWwm9CTPH4Tsex2PE7c6tt\/8BDPH\r\ncr1b3MA5\r\n-----END CERTIFICATE-----\r\nBag Attributes\r\n    localKeyID: 1D EB 5D 7E 2D A6 7D E2 CA 45 0D C1 8F 11 99 4B 62 7B 4F 32 \r\nKey Attributes: <No Attributes>\r\n-----BEGIN ENCRYPTED PRIVATE KEY-----\r\nMIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQdEwYVf3BU5yo4w1x\r\n0\/OR7wICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEKcR8RCh\/Yr+ZTZj\r\n\r\n ...\r\n\r\nx1QG7Peu4+r4BiS5SLMom8dHlyIOrGNceoGVYSy02JWjguW840lHxBqPYxXotKq8\r\nTwDCumB0NDDvSQlrCinCjftGhZPQzI45owS7zRPOFcwleoTIttaiF0Q=\r\n-----END ENCRYPTED PRIVATE KEY-----\r\n[root@nsauth6 certs]# \r\n\r\nroot@nsauth6 certs]# ls -la\r\ntotal 180\r\ndrwxrwx---. 2 root radiusd 4096 May  6 22:01 .\r\ndrwxr-xr-x. 9 root radiusd 4096 May  6 19:00 ..\r\n-rw-r--r--  1 root root    4813 May  6 21:58 01.pem\r\n-rw-r--r--  1 root root    4665 May  6 22:01 02.pem\r\n-rw-r-----. 1 root radiusd 6739 Nov 13 01:30 Makefile\r\n-rw-r-----. 1 root radiusd 8876 Nov 13 01:30 README\r\n-rwxr-x---. 
1 root radiusd 2940 Nov 13 01:30 bootstrap\r\n-rw-r-----  1 root radiusd 1421 May  6 21:19 ca.cnf\r\n-rw-r-----  1 root radiusd 1432 May  6 14:12 ca.cnf.org\r\n-rw-r-----  1 root radiusd 1704 May  6 21:58 ca.key         <=== CA private key\r\n-rw-r-----  1 root radiusd 1679 May  6 21:58 ca.pem         <=== CA certificate\r\n-rw-r-----  1 root radiusd 1096 May  6 21:20 client.cnf\r\n-rw-r-----  1 root radiusd 1103 May  6 14:12 client.cnf.org\r\n-rw-r-----  1 root radiusd 4665 May  6 22:01 client.crt     <=== client certificate\r\n-rw-r-----  1 root radiusd 1029 May  6 22:01 client.csr\r\n-rw-r-----  1 root radiusd 1704 May  6 22:01 client.key     <=== client private key\r\n-rw-r-----  1 root radiusd 2771 May  6 22:01 client.p12     <=== client certificate (P12 format)\r\n-rw-r-----  1 root radiusd 3704 May  6 22:01 client.pem     <=== client certificate (PEM format)\r\n-rw-r--r--  1 root root     208 May  6 22:01 index.txt\r\n-rw-r--r--  1 root root      21 May  6 22:01 index.txt.attr\r\n-rw-r--r--  1 root root      21 May  6 21:58 index.txt.attr.old\r\n-rw-r--r--  1 root root     109 May  6 21:58 index.txt.old\r\n-rw-r-----  1 root radiusd 1121 May  6 21:16 inner-server.cnf\r\n-rw-r-----  1 root radiusd 1131 May  6 21:12 inner-server.cnf.org\r\n-rw-r--r--  1 root radiusd  164 May  6 21:26 passwords.mk\r\n-rw-r--r--  1 root radiusd  166 May  6 16:11 passwords.mk.org\r\n-rw-r--r--  1 root root       3 May  6 22:01 serial\r\n-rw-r--r--  1 root root       3 May  6 21:58 serial.old\r\n-rw-r-----  1 root radiusd 1618 May  6 21:22 server.cnf\r\n-rw-r-----  1 root radiusd 1627 May  6 14:12 server.cnf.org\r\n-rw-r-----  1 root radiusd 4813 May  6 21:58 server.crt      <=== server certificate\r\n-rw-r-----  1 root radiusd 1184 May  6 21:58 server.csr\r\n-rw-r-----  1 root 
radiusd 1704 May  6 21:58 server.key      <=== server private key\r\n-rw-r-----  1 root radiusd 2819 May  6 21:58 server.p12      <=== server certificate (P12 format)\r\n-rw-r-----  1 root radiusd 3762 May  6 21:58 server.pem      <=== server certificate (PEM format)\r\n-rw-r-----  1 root radiusd 3058 May  6 21:57 xpextensions\r\n-rw-r-----  1 root radiusd 3046 May  6 21:32 xpextensions.org\r\n-rw-r-----  1 root root    3704 May  6 22:01 nanashi@y2tech.net.pem  <=== client certificate (PEM format)\r\n[root@nsauth6 certs]# \r\n<\/code><\/pre>\r\n<br>\r\n<br>\r\n<hr \/>\r\n<h4>[Supplement] How to make the client OS trust the private CA's certificate<\/h4>\r\n<br>\r\n<p>In companies and organizations of a certain size that have an IT department, operation of the private CA is usually automated, and end users are typically handed PCs with the private certificate already installed. Somewhat smaller companies and organizations without a dedicated IT department may have deployed a dedicated appliance-type server (<a href=\"https:\/\/www.soliton.co.jp\/products\/netattest_eps\/\" target=\"_blank\">NetAttest EPS<\/a>, for example) that integrates private CA operation with network authentication.<\/p>\r\n<br>\r\n<p>Dedicated appliance servers are very expensive, so deploying one is probably not realistic for small companies and organizations. In that case the IT administrator has to struggle to support end users, so a heavy operations and management workload is probably unavoidable.<\/p>\r\n<br>\r\n<p>This time, a private CA was set up to perform 802.1x (EAP-PEAP) authentication and various certificates were issued. The certificates issued by this private CA are so-called \"ore-ore\" (self-issued) certificates, so the client OS treats them as untrusted certificates issued by an unknown CA, and depending on the OS and application settings the connection may be refused as a security violation.<\/p>\r\n<br>\r\n<p>To avoid this, end users need the tedious extra step of individually trusting the certificate issued by the private CA in the OS of each PC or device they use.<\/p>\r\n<br>\r\n<p>With commercial certificates, the certificates of the commercial CAs (CA root certificates) are built into the OS of PCs and devices from the start, so end users do not need to do anything. Here, the private CA's certificate is instead trusted in advance in the OS of each PC or device. The procedure for trusting a certificate differs by OS; for now, the steps for trusting a CA certificate on Mac OS are described.<\/p>\r\n<br>\r\n<p>1. 
Copy the private CA certificate \"ca.pem\" created in the steps above to your Mac.<\/p>\r\n<br>\r\n<div style=\"width: 100%; margin: 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportCARootCert01.png\" alt=\"Copy the CA Root Cert to Mac\" width=\"640\" height=\"323\" class=\"size-full wp-image-10626\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportCARootCert01.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportCARootCert01-320x162.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>Copy \"ca.pem\" to a convenient location on the Mac<\/span>\r\n<br>\r\n<br>\r\n<\/div>\r\n<br>\r\n<p>2. Double-click the \"ca.pem\" file to launch the Keychain Access app (Keychain Access.app), and import the \"ca.pem\" file into Keychain Access.<\/p>\r\n<br>\r\n<p>The CA certificate is placed in the \"System\" keychain, so opening the \"Certificates\" tab pane shows that it is registered as an untrusted certificate.<\/p>\r\n<br>\r\n<div style=\"width: 100%; margin: 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/AllowModifying.png\" alt=\"Allow Modifying Dialog\" width=\"314\" height=\"425\" 
class=\"size-full wp-image-10633\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/AllowModifying.png 314w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/AllowModifying-236x320.png 236w\" sizes=\"auto, (max-width: 314px) 100vw, 314px\" \/>\r\n<br>\r\n<span>Grant Keychain Access permission to make changes (this dialog appears several more times; allow it each time)<\/span>\r\n<br>\r\n<br>\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportFile.png\" alt=\"Import the CA Cert File\" width=\"640\" height=\"449\" class=\"size-full wp-image-10628\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportFile.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/ImportFile-320x225.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>Import the \"ca.pem\" file into Keychain Access<\/span>\r\n<br>\r\n<br>\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/UntrustedCACerts.png\" alt=\"Untrusted CA Certs\" width=\"640\" height=\"363\" class=\"size-full wp-image-10629\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/UntrustedCACerts.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/UntrustedCACerts-320x182.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>At this point the imported CA certificate is still listed as untrusted<\/span>\r\n<br>\r\n<\/div>\r\n<br>\r\n<p>3. 
Double-clicking this CA certificate (named \"Y2Home CA\" on screen) displays the certificate's details, and expanding \"Trust\" reveals the pull-down items that set the various trust behaviors.<\/p>\r\n<br>\r\n<p>Change the \"When using this certificate:\" pull-down item to \"Always Trust\".<\/p>\r\n<br>\r\n<div style=\"width: 100%; margin: 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/TrustAlways.png\" alt=\"Change to &quot;Trust Always&quot;\" width=\"640\" height=\"449\" class=\"size-full wp-image-10630\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/TrustAlways.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/TrustAlways-320x225.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>Change to \"Always Trust\"<\/span>\r\n<br>\r\n<br>\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/RegisteredTrustedCA.png\" alt=\"Registered as Trusted CA\" width=\"640\" height=\"384\" class=\"size-full wp-image-10631\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/RegisteredTrustedCA.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/05\/RegisteredTrustedCA-320x192.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/> 
\r\n<br>\r\n<span>Registered as a trusted CA certificate<\/span>\r\n<br>\r\n<\/div>\r\n\r\n","protected":false},"excerpt":{"rendered":"FreeRADIUS ships script files and a Makefile that make it easy to set up a self-signed CA (a so-called \"ore-ore\" CA issuing \"ore-ore\" certificates) so that users can issue PKI certificates themselves. This article uses FreeRADIUS's self-signed CA creation tools.","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[13],"tags":[992,991],"class_list":["post-10547","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-pki","tag-private-ca"],"_links":{"self":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/comments?post=10547"}],"version-history":[{"count":3,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10547\/revisions"}],"predecessor-version":[{"id":11304,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10547\/revisions\/11304"}],"wp:attachment":[{"href":"https:\/\/y2tech.n
et\/blog\/wp-json\/wp\/v2\/media?parent=10547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/categories?post=10547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/tags?post=10547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}