Failure with "TLS authentication" and "Freeradius on Fefora-17"

Ajay Garg ajaygargnsit at
Mon Jan 7 21:32:57 CET 2013

I am confused.

I  will be  grateful if you could specify the sequence of commands to be
run after "make destroycerts".

Note that ::

Running JUST "make client" generates "client.pem" and "ca.pem", but no

Running JUST "make" generates "server.pem" and "ca.pem", but no

On Tue, Jan 8, 2013 at 1:44 AM, John Dennis <jdennis at> wrote:

> On 01/07/2013 02:41 PM, Ajay Garg wrote:
>> Upon restarting, it shows a "missing server.pem" error.
>> I reckon that we need to run "make server" too at some point of time (so
>> that "server.pem" gets generated after "make destroycerts").
> make destroycerts should have removed all the pem files and keys. After
> running make again it will generate all new files. client has a dependency
> on ca and server files so it should have created a new ca, new server key
> and cert, a new client cert. Did it?
> Just to be clear, your client needs to trust the CA that signed your
> server cert and the server needs to trust the CA that signed your client
> cert. Typically those are located on two different machines. Make sure
> those line up or you're doomed. It's not clear to me which machines you're
> running these commands on and where you're copying the resulting files, but
> that's critical to get right. You can  use the same CA to sign both the
> server cert and the client cert, but that's not a requirement, it just
> helps simplify the deployment a tad bit.
>  HOWEVER, I am now confused which "ca.pem" to consider, the one generated
>> via "make server", or the one generated via "make client"?
> Argh... you really need to be much more clear with what you're doing. If
> you're running the cert creation commands on different machines and leaving
> the results on that machine this will never work.
> SIGNER (issuing CA) and how that translates to the configuration parameters
> for each software component (see above).
> --
> John Dennis <jdennis at>
> Looking to carve out IT costs?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list