diff -u -r freeradius-server-2.1.11.orig/raddb/certs/ca.cnf freeradius-server-2.1.11/raddb/certs/ca.cnf
--- freeradius-server-2.1.11.orig/raddb/certs/ca.cnf	2011-06-20 10:57:14.000000000 -0400
+++ freeradius-server-2.1.11/raddb/certs/ca.cnf	2011-06-21 18:42:02.000000000 -0400
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
diff -u -r freeradius-server-2.1.11.orig/raddb/certs/client.cnf freeradius-server-2.1.11/raddb/certs/client.cnf
--- freeradius-server-2.1.11.orig/raddb/certs/client.cnf	2011-06-20 10:57:14.000000000 -0400
+++ freeradius-server-2.1.11/raddb/certs/client.cnf	2011-06-21 18:42:02.000000000 -0400
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
diff -u -r freeradius-server-2.1.11.orig/raddb/certs/server.cnf freeradius-server-2.1.11/raddb/certs/server.cnf
--- freeradius-server-2.1.11.orig/raddb/certs/server.cnf	2011-06-20 10:57:14.000000000 -0400
+++ freeradius-server-2.1.11/raddb/certs/server.cnf	2011-06-21 18:42:02.000000000 -0400
@@ -14,9 +14,9 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
-default_days		= 365
+default_days		= 60
 default_crl_days	= 30
-default_md		= md5
+default_md		= sha1
 preserve		= no
 policy			= policy_match
 
diff -u -r freeradius-server-2.1.11.orig/raddb/eap.conf freeradius-server-2.1.11/raddb/eap.conf
--- freeradius-server-2.1.11.orig/raddb/eap.conf	2011-06-20 10:57:14.000000000 -0400
+++ freeradius-server-2.1.11/raddb/eap.conf	2011-06-22 10:40:42.000000000 -0400
@@ -281,7 +281,11 @@
 			# for the server to print out an error message,
 			# and refuse to start.
 			#
-			make_cert_command = "${certdir}/bootstrap"
+			# Redhat RPM's run the bootstrap certificate creation
+			# as part of the RPM install (not upgrade), therefore
+			# the make_cert_command is commented out.
+			#
+			#make_cert_command = "${certdir}/bootstrap"
 
 			#
 			#  Session resumption / fast reauthentication