Home > General Administration > Other Topics > Freeradius: Generate certificates for client and server authentication

Freeradius: Generate certificates for client and server authentication

Table of contents
No headers

Note: The files and file paths referenced in this guide are using Ubuntu Server 12.04.2. The commands can be run with sudo or from the root user.

 

1. Install openvpn sudo apt-get install openvpn

2. Make target directory to copy easy-rsa files to. sudo mkdir /etc/openvpn/easy-rsa

3. Copy easy-rsa files to openvpn directory sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

4. Move to openvpn directory for certificate creation. cd /etc/openvpn/easy-rsa

5. Edit the "vars" file to reflect your organization. Below is an example of a file with the comments and empty lines removed. Note: The three comment lines included have been commented out from the default.

b4baceeb-b451-4825-87ea-57bad5c8de8e

 

6. Create the necessary certificates. These will be moved and freeradius pointed to them at a later time. The below should be done as root in order to set the source properly.

*If you get an error "No /etc/openvpn/easy-rsa/openssl.cnf: file could not be found" run the following command cp openssl-1.0.0.cnf openssl.cnf

source ./vars
./clean-all
./pkitool --initca      #This command will create your CA cert
./pkitool --server radius        #This command will create radius cert
./pkitool --pkcs12 client      #You will need to enter a password when creating this file, this will be used later when installing on the client.

7. Remove testing certificates generated when freeradius is installed

sudo cd /etc/freeradius/certs
sudo rm ca.pem server.key server.pem

8. Copy certificates generated to new location

sudo cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/freeradius/certs/ca.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.crt /etc/freeradius/certs/radius.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.key /etc/freeradius/certs/radius.key

You must to post a comment.
Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1821

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community