This article explains how to solve the issue of FreeRADIUS certificates expiring. In this example, we’re using CentOS 7 but the same should work on any Linux provided the paths are the same.
The following command fails because a certificate has expired.
systemctl restart freeradius
So we need to regenerate the certificate. First, we need to move the old certificate and its associated files out of the way.
cd /etc/raddb/certs
ls -l
You can see in the output from the above “ls” command that there are several files in this ./certs directory. The ones we care about are the “cn”, “server” and “client” files. We’ll move them out of the way and re-generate the certificate. If we don’t move them out of the way first, the process will error.
mkdir /etc/raddb/certs/OldCerts
mv cn.* /etc/raddb/certs/OldCerts/
mv server.* /etc/raddb/certs/OldCerts/
mv client.* /etc/raddb/certs/OldCerts/
Copy these three files back:
cp /etc/raddb/certs/OldCerts/cn.cnf /etc/raddb/certs/
cp /etc/raddb/certs/OldCerts/server.cnf /etc/raddb/certs/
cp /etc/raddb/certs/OldCerts/client.cnf /etc/raddb/certs/
Now we can re-generate the certificate.
cd /etc/raddb/certs/
./bootstrap
That should have worked. Now you can restart FreeRADIUS:
systemctl restart freeradius
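To catch the expiry before the restart fails, the following added example (not part of the original article) reports which certificates in a directory such as /etc/raddb/certs have expired or will expire within a given number of days, using `openssl x509 -checkend`. The function names `check_radius_certs` and `make_sample_cert` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report certificates that are expired or close to expiry.

# check_radius_certs DIR [DAYS]
# Prints one line per certificate found in DIR and returns 1 if any of them
# expires within DAYS days (default 30; 0 means "already expired").
# The body runs in a subshell so its variables do not leak to the caller.
check_radius_certs() (
    dir=$1
    days=${2:-30}
    secs=$((days * 86400))
    rc=0
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue
        # Skip PEM files that hold only a key or DH parameters.
        grep -q 'BEGIN CERTIFICATE' "$f" || continue
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        # -checkend exits non-zero if notAfter falls within the next $secs seconds.
        if openssl x509 -in "$f" -noout -checkend "$secs" >/dev/null; then
            echo "OK       $f (notAfter: $end)"
        else
            echo "EXPIRING $f (notAfter: $end)"
            rc=1
        fi
    done
    exit "$rc"
)

# make_sample_cert DIR DAYS
# Constructed sample input: a throwaway self-signed certificate valid for
# DAYS days, so the check can be tried without touching real files.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed-sample" \
        -keyout "$1/server.key" -out "$1/server.pem" 2>/dev/null
}

# Usage on the server from the article:
#   check_radius_certs /etc/raddb/certs 30
```

Run from cron with a threshold of a few weeks, the non-zero exit status can trigger an alert while there is still time to regenerate the certificates.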
Didn’t work for me. What did work was:
# cd /etc/raddb/certs
# rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*
# ./bootstrap