Using an external CA certificate

Alexander Clouter alex at
Tue Mar 1 14:30:29 CET 2011

Matt Langthorpe <matt.langthorpe at> wrote:
> Having a bit of trouble following the official freeradius wiki when it 
> comes to certificates.  Basically I have my own certificate which I 
> want to use.  I have a ***.crt file which was sent by my issuer, and a 
> private.pem file which was created when I made my CSR request using 
> openssl.
alex at chipmunk:~$ unzip
 extracting: 10133697.crt

alex at chipmunk:~$ cat 10133697.crt > server.pem

The infernal folks at Comodo seemed to have changed their process 
recently so that you get the bundle, the old style approach was:
$ cat 10133697.crt TERENASSLCA.crt UTNAddTrustServer_CA.crt AddTrustExternalCARoot.crt > server.pem

Now in your 'eap.conf' file use the following and you should be set:
private_key_password = secret
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.pem

FYI, if you have to do a similar thing with Apache, you want:
SSLEngine               on
SSLCertificateFile      /etc/apache2/certs/example/10133697.crt
SSLCertificateKeyFile   /etc/apache2/certs/example/privkey.pem
SSLCertificateChainFile /etc/apache2/certs/example/

> I have uploaded the two files into my raddb/certs folder, but am 
> unsure as to where to point to them in my eap.conf? I notice none of 
> the cert files listed in eap.conf have a *.crt extension which is a 
> bit confusing.
This is UNIX, file extensions are generally meaningless and should be 


Alexander Clouter
.sigmonster says: I think the world is run by C students.
                  		-- Al McGuire

More information about the Freeradius-Users mailing list