This article explains how to solve the issue of FreeRADIUS certificates expiring. In this example, we’re using CentOS 7 but the same should work on any Linux provided the paths are the same.
The following commend errors due to a certificate expiring.
systemctl restart freeradius
SO we need to re-generate the certificate. First we need to move the old certificate and associated files out of the way.
cd /etc/raddb/certs ls -l
You can see in the output from the above “ls” command that there are several files in this ./certs directory. The ones we care about are the “cn”, “server” and “client” files. We’ll move them out of the way and re-generate the certificate. If we don’t move them out of the way first, the process will error.
mkdir /etc/raddb/certs/OldCerts mv cn.* /etc/raddb/certs/OldCerts/ mv server.* /etc/raddb/certs/OldCerts/ mv client.* /etc/raddb/certs/OldCerts/
Copy these three files back:
cp /etc/raddb/certs/OldCerts/cn.cnf /etc/raddb/certs/ cp /etc/raddb/certs/OldCerts/server.cnf /etc/raddb/certs/ cp /etc/raddb/certs/OldCerts/client.cnf /etc/raddb/certs/
Now we can re-generate the certificate.
cd /etc/raddb/certs/ ./bootstrap
That should have worked. Now you can restart FreeRADIUS:
systemctl restart freeradius