
Freeradius: Generate certificates for client and server authentication

Note: The files and file paths referenced in this guide are from Ubuntu Server 12.04.2. The commands can be run with sudo or as the root user.

1. Install openvpn.

sudo apt-get install openvpn

2. Make the target directory to copy the easy-rsa files to.

sudo mkdir /etc/openvpn/easy-rsa

3. Copy the easy-rsa files to the openvpn directory.

sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

4. Move to the openvpn easy-rsa directory for certificate creation.

cd /etc/openvpn/easy-rsa

5. Edit the "vars" file to reflect your organization. Below is an example of a file with the comments and empty lines removed. Note: The three comment lines included have been commented out from the default.


6. Create the necessary certificates. These will be copied to a new location, and freeradius pointed to them, at a later time. Run the commands below from a root shell: source is a shell builtin, so it cannot be run through sudo.

*If you get the error "No /etc/openvpn/easy-rsa/openssl.cnf: file could not be found", run the following command:

cp openssl-1.0.0.cnf openssl.cnf

source ./vars
./pkitool --initca           # This command will create your CA cert
./pkitool --server radius    # This command will create the radius cert
./pkitool --pkcs12 client    # You will need to enter a password when creating this file; it will be used later when installing on the client.

7. Remove the testing certificates generated when freeradius is installed.

sudo rm /etc/freeradius/certs/ca.pem /etc/freeradius/certs/server.key /etc/freeradius/certs/server.pem

8. Copy certificates generated to new location

sudo cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/freeradius/certs/ca.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.crt /etc/freeradius/certs/radius.crt
sudo cp /etc/openvpn/easy-rsa/keys/radius.key /etc/freeradius/certs/radius.key
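
A consistency check for the three files copied in step 8, as an added example that is not part of the original guide: it confirms that radius.crt verifies against ca.crt, that radius.key belongs to radius.crt, and that the key is not accessible to all users. The function names and the "run" argument are illustrative assumptions; the paths are the ones used above.

```shell
#!/bin/sh
# Added example: sanity checks for the files copied in step 8.
# Function names and the "run" argument are illustrative, not FreeRADIUS tooling.

# Succeeds if the server certificate verifies against the CA certificate.
cert_chains_to_ca() {          # usage: cert_chains_to_ca ca.crt radius.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key and the certificate hold the same public key.
key_matches_cert() {           # usage: key_matches_cert radius.crt radius.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the key file grants no permission bits to "other".
key_not_world_accessible() {   # usage: key_not_world_accessible radius.key
    other=$(ls -ldnL "$1" 2>/dev/null | cut -c8-10)
    [ "$other" = "---" ]
}

# Runs all three checks on a directory laid out as in step 8.
check_radius_certs() {         # usage: check_radius_certs [dir]
    d="${1:-/etc/freeradius/certs}"
    rc=0
    cert_chains_to_ca "$d/ca.crt" "$d/radius.crt" ||
        { echo "FAIL: radius.crt does not verify against ca.crt" >&2; rc=1; }
    key_matches_cert "$d/radius.crt" "$d/radius.key" ||
        { echo "FAIL: radius.key does not match radius.crt" >&2; rc=1; }
    key_not_world_accessible "$d/radius.key" ||
        { echo "FAIL: radius.key is accessible to all users" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificates in $d are consistent"
    return "$rc"
}

# Run the checks only when asked, e.g.: sudo sh check-certs.sh run
if [ "${1:-}" = "run" ]; then
    check_radius_certs "${2:-/etc/freeradius/certs}"
fi
```

Saved under a name of your choice (check-certs.sh here is a placeholder) and run as root with the argument "run", it exits non-zero if any check fails.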

Last modified
09:40, 3 Feb 2015


Article ID

ID: 1821
