On Jun 14, 2022, at 9:07 AM, 网络时代 via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I want to replace the certificate generated by Freeradius with the certificate made by "MikroTik". Let me introduce the process of replacing the certificate, enter the certificate directory, use "$ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*", delete the old certificate, Use SFTP to upload the certificate file produced by MikroTik and convert it into a certificate file with the corresponding name and format. The uploaded certificate category is shown in the screenshot below, and the final debugging output will report an error. Where am I doing wrong? ... tls: Failed reading private key file "/usr/local/etc/raddb/certs/server.pem" tls: error:0906D06C:PEM routines:PEM_read_bio:no start line tls: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib rlm_eap_tls: Failed initializing SSL context
The certificate isn't in PEM format. Use the OpenSSL tools to convert the certificate to PEM format. Alan DeKok.