
FreeRADIUS – Certificate Has Expired – Solution

This article explains how to solve the issue of FreeRADIUS certificates expiring. In this example, we’re using CentOS 7 but the same should work on any Linux provided the paths are the same.

The following command fails because a certificate has expired.

systemctl restart freeradius

So we need to re-generate the certificate. First we need to move the old certificate and associated files out of the way.

cd /etc/raddb/certs
ls -l

You can see in the output of the “ls” command above that there are several files in the certs directory. The ones we care about are the “ca”, “server” and “client” files. We’ll move them out of the way and re-generate the certificate. If we don’t move them out of the way first, the process will error.

mkdir /etc/raddb/certs/OldCerts
mv ca.* /etc/raddb/certs/OldCerts/
mv server.* /etc/raddb/certs/OldCerts/
mv client.* /etc/raddb/certs/OldCerts/

Copy these three files back:

cp /etc/raddb/certs/OldCerts/ca.cnf /etc/raddb/certs/
cp /etc/raddb/certs/OldCerts/server.cnf /etc/raddb/certs/
cp /etc/raddb/certs/OldCerts/client.cnf /etc/raddb/certs/

Now we can re-generate the certificate.

cd /etc/raddb/certs/
./bootstrap 

That should have worked. Now you can restart FreeRADIUS:

systemctl restart freeradius
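
To catch the expiry before a restart fails, the following added example (not part of the original article) checks every certificate in the certs directory with "openssl x509 -checkend". The function names, the CERT_DIR, WARN_DAYS and CHECK_NOW variables, and the 30-day threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag certificates that are expired or close to expiry.
# CERT_DIR defaults to the path used in this article; WARN_DAYS (30) is an assumed threshold.

# cert_status FILE DAYS -> prints one of: ok | expiring | expired | unreadable
cert_status() {
    file=$1
    days=$2
    # Not every .pem file holds a certificate (some hold only keys or DH parameters).
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# scan_certs DIR DAYS -> one line per certificate; returns 1 if any needs attention
scan_certs() {
    dir=$1
    days=$2
    rc=0
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue
        state=$(cert_status "$f" "$days")
        [ "$state" = unreadable ] && continue
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%-9s %s (notAfter: %s)\n' "$state" "$f" "$end"
        [ "$state" = ok ] || rc=1
    done
    return $rc
}

# Scan only when asked to, e.g. from cron: CHECK_NOW=1 sh check-radius-certs.sh
if [ "${CHECK_NOW:-0}" = 1 ]; then
    scan_certs "${CERT_DIR:-/etc/raddb/certs}" "${WARN_DAYS:-30}"
fi
```

The non-zero exit status when anything is expired or expiring lets cron or a monitoring check raise an alert while there is still time to re-generate the certificates.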

One comment

  1. Didn’t work for me. What did work was:

    # cd /etc/raddb/certs
    # rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*
    # ./bootstrap
