OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: spopinski on February 24, 2023, 10:50:20 AM

Title: [SOLVED] Freeradius - How to renew default server certificate?
Post by: spopinski on February 24, 2023, 10:50:20 AM
Hi,

I'm doing this in a single-appliance test environment. How can I renew the default server certificate? Suddenly Windows clients won't connect and the logs were showing expired server certificate errors. Mobile phones are still working fine.

Auth: (5) Login incorrect (eap_peap: (TLS) Alert read:fatal:certificate expired): [admin] (from client APs port 69 cli 30-24-32-46-C6-FC)

Thanks!

Edit: Found this tutorial for Linux:
https://agix.com.au/freeradius-certificate-has-expired-solution/

How do I do this in Opnsense?
Title: Re: Freeradius - How to renew default server certificate?
Post by: bartjsmit on February 24, 2023, 11:38:54 AM
System, trust, certificates

You may want to give some more background info (PKI structure?) if that doesn't fix your issue
Title: Re: Freeradius - How to renew default server certificate?
Post by: spopinski on February 24, 2023, 12:24:45 PM
Hi, thanks for the reply.

I'm not using the Opnsense cert manager and only use the supplied default cert from freeradius pkg.
Title: Re: Freeradius - How to renew default server certificate?
Post by: bartjsmit on February 24, 2023, 01:28:43 PM
openssl x509 -in <cert.pem> -noout -text | less

Check the expiry of each cert in your chain and renew as required. If that is your root CA cert, you'll need to generate a new PKI from scratch.

How do your Windows clients get their certs? GPO?

Bart...
Title: Re: Freeradius - How to renew default server certificate?
Post by: spopinski on February 24, 2023, 01:55:49 PM
Thanks Bart, will try it out later.

Not using GPO as this is just a small test env and it has multiple OS clients. So, all manual.
Title: Re: Freeradius - How to renew default server certificate?
Post by: spopinski on February 26, 2023, 04:13:44 AM
Update:

Solved by first editing all the necessary .cnf files in the /usr/local/etc/raddb/certs directory (I use WinSCP), stopping FreeRADIUS from the web GUI, moving all the old certs to a backup folder, and then executing the command ./bootstrap

Restarted the FreeRADIUS server and watched the log for any errors. None so far!

Thanks
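The two steps discussed in this thread, Bart's expiry check with openssl x509 and spopinski's backup-then-./bootstrap renewal, as one script. This is an added example and is not code from the thread, from OPNsense or from the FreeRADIUS project. It assumes the OPNsense freeradius package layout (/usr/local/etc/raddb/certs, overridable with RADDB_CERTS), that ./bootstrap is the script shipped in that directory, and that the .cnf files have already been edited; the thread does not say which settings were changed, but the lifetime that bootstrap feeds to openssl is default_days in ca.cnf, server.cnf and client.cnf. Stop FreeRADIUS in the GUI before running the renewal and start it afterwards, as the original post did.

```shell
#!/bin/sh
# Added example, not from the forum thread or the FreeRADIUS project.
# Checks the FreeRADIUS default certificates for expiry, moves the old
# material aside and regenerates it with the bundled ./bootstrap script.
# Assumption: OPNsense freeradius package layout; override with RADDB_CERTS.

RADDB_CERTS="${RADDB_CERTS:-/usr/local/etc/raddb/certs}"

# Return 0 if the certificate in $1 stays valid for at least $2 seconds
# (default 0, i.e. "not expired right now"), 1 otherwise.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Print the notAfter date of ca.pem, server.pem and client.pem in $1 and
# return 1 if any of them has already expired.
report_chain() {
    dir="$1"; rc=0
    for f in "$dir"/ca.pem "$dir"/server.pem "$dir"/client.pem; do
        [ -f "$f" ] || continue
        if cert_valid_for "$f" 0; then
            printf '%-12s OK      %s\n' "$(basename "$f")" "$(openssl x509 -in "$f" -noout -enddate)"
        else
            printf '%-12s EXPIRED %s\n' "$(basename "$f")" "$(openssl x509 -in "$f" -noout -enddate)"
            rc=1
        fi
    done
    return $rc
}

# Move everything bootstrap generated (keys, certs, CSRs, PKCS#12 bundles,
# the openssl ca database index.txt/serial) into a timestamped backup
# directory under $1. The .cnf files, xpextensions, bootstrap and dh stay
# in place; bootstrap only regenerates files that are missing, so the old
# certificates must be out of the way. Prints the backup directory.
backup_old_certs() {
    dir="$1"; bak="$dir/backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$bak"
    for f in "$dir"/*.pem "$dir"/*.key "$dir"/*.csr "$dir"/*.crt \
             "$dir"/*.der "$dir"/*.p12 "$dir"/*.crl \
             "$dir"/index.txt* "$dir"/serial*; do
        [ -e "$f" ] && mv "$f" "$bak"/
    done
    echo "$bak"
}

# Regenerate CA, server and client certificates with the shipped script.
regenerate_certs() {
    ( cd "$1" && ./bootstrap )
}

# Only touch the live directory when explicitly asked:
#   RENEW_NOW=yes sh renew-raddb-certs.sh
if [ "${RENEW_NOW:-no}" = "yes" ]; then
    echo "Before renewal:"
    report_chain "$RADDB_CERTS" || true
    bak=$(backup_old_certs "$RADDB_CERTS")
    echo "Old material moved to $bak"
    regenerate_certs "$RADDB_CERTS"
    echo "After renewal:"
    report_chain "$RADDB_CERTS"
fi
```

Because ./bootstrap creates a new ca.pem, this is a new PKI, not a renewal of the old one: any client that validates the RADIUS server certificate (the Windows machines that raised the alert) must be pointed at the new CA, and any device that had the old ca.der installed needs the new one. Clients that never validated the server certificate, which is presumably why the phones kept working, keep working but are open to a rogue access point, so this is the moment to switch them to validating too.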