Multiple radius servers with the same CA

sphaero arnaud at
Wed Mar 24 16:30:28 CET 2010

sphaero wrote:
> Hi all,
> Thanks for these clarifications. So to clear this up I know have one
> machine to generate the certificates. This machine had it's CA setup
> according to instructions found in the certs/README distributed with FR 2.
> Certificates for a second radius server (radius2) using the same CA are
> generated as follow:
> # Certificate request (.csr) en key (.key)
> openssl req -new  -out radius2.csr -keyout lx0008.key -config ./server.cnf
> # Certificate (.crt)
> openssl ca -batch -keyfile ca.key -cert ca.pem -in radius2.csr  -key
> $PASSWORD_CA -out radius2.crt -extensions xpserver_ext -extfile
> xpextensions -config ./server.cnf
> # p12
> openssl pkcs12 -export -in radius2.crt -inkey radius2.key -out radius2.p12 
> -passin pass:$PASSWORD_SERVER -passout pass:$PASSWORD_SERVER
> # PEM
> openssl pkcs12 -in radius2.p12 -out radius2.pem -passin
> (Ofcourse the password vars are replaced with the vars in the ca.cnf &
> server.cnf)
> I then copy the following files onto this second radius server:
> radius2.pem and ca.pem
> Finally I generate a dh file on the second radius server:
> openssl dhparam -out dh 1024
> Bump, still doesn't work :(
> I'm still doing something wrong?
> Rg,
> Arnaud

Forget that last sentence. It does work. Was probably something with the
But if someone can confirm this procedure so it's safe.


View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list