Freeradius: Generate certificates for client and server authentication
Note: The files and file paths referenced in this guide are using Ubuntu Server 12.04.2. The commands can be run with sudo or from the root user.
1. Install openvpn sudo apt-get install openvpn
2. Make target directory to copy easy-rsa files to. sudo mkdir /etc/openvpn/easy-rsa
3. Copy easy-rsa files to openvpn directory sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
4. Move to openvpn directory for certificate creation. cd /etc/openvpn/easy-rsa
5. Edit the "vars" file to reflect your organization. Below is an example of a file with the comments and empty lines removed. Note: The three comment lines included have been commented out from the default.
6. Create the necessary certificates. These will be moved and freeradius pointed to them at a later time. The below should be done as root in order to set the source properly.
*If you get an error "No /etc/openvpn/easy-rsa/openssl.cnf: file could not be found" run the following command cp openssl-1.0.0.cnf openssl.cnf
./pkitool --initca #This command will create your CA cert
./pkitool --server radius #This command will create radius cert
./pkitool --pkcs12 client #You will need to enter a password when creating this file, this will be used later when installing on the client.
7. Remove testing certificates generated when freeradius is installed
sudo cd /etc/freeradius/certs
sudo rm ca.pem server.key server.pem
8. Copy certificates generated to new location
sudo cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/freeradius/certs/ca.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.crt /etc/freeradius/certs/radius.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.key /etc/freeradius/certs/radius.key