Freeradius 3.0.15 failing to read server.pem file
Alan DeKok
aland at deployingradius.com
Fri May 17 15:59:42 CEST 2019
On May 17, 2019, at 9:52 AM, Chris Bradley <bradleyc at bcsc.k12.in.us> wrote:
>
> We're suddenly having issues where Freeradius will not start. doing
> freeradius -X shows the list below the line.
>
> Any ideas to help us get it working again? We set it up using an
> install guide so, we are very much newbs at using Freeradius.
FreeRADIUS doesn't suddenly change how it handles the certificates. So something else happened.
> tls: Failed reading private key file
> "/etc/freeradius/certs/server.pem"
> tls: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt
The private key file is protected by a password. That password is in the FreeRADIUS "eap" module configuration. It's passed to OpenSSL in order to decrypt the private key.
If OpenSSL is returning "bad decrypt", then the password can't decrypt the key. There are a few possibilities:
a) the password in the configuration file is wrong
b) the key was re-encrypted with a different password
You might need to re-generate the private key && certificate.
Alan DeKok.
More information about the Freeradius-Users
mailing list