Freeradius 3.0.15 failing to read server.pem file

Chris Bradley bradleyc at
Fri May 17 16:22:29 CEST 2019

Hi Alan! Thanks!

I'm trying to remember where to look for the password in the eap module configuration. I'm guessing at this point that it's in clients.conf?

Sorry, it's been almost 2 years since I set this up and tinkered with it.

Question for you and the group. If we did Ubuntu updates on this server, could that have broken the freeradius configs/functionality?

Appreciate everyones help and patience. =)
>>> Alan DeKok <aland at> 5/17/2019 9:59 AM >>>
On May 17, 2019, at 9:52 AM, Chris Bradley <bradleyc at> wrote:
> We're suddenly having issues where Freeradius will not start. doing
> freeradius -X shows the list below the line.
> Any ideas to help us get it working again? We set it up using an
> install guide so, we are very much newbs at using Freeradius.

  FreeRADIUS doesn't suddenly change how it handles the certificates.  So something else happened.

> tls: Failed reading private key file
> "/etc/freeradius/certs/server.pem"
> tls: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
> decrypt

  The private key file is protected by a password.  That password is in the FreeRADIUS "eap" module configuration.  It's passed to OpenSSL in order to decrypt the private key.

  If OpenSSL is returning "bad decrypt", then the password can't decrypt the key.  There are a few possibilities:

a) the password in the configuration file is wrong
b) the key was re-encrypted with a different password

  You might need to re-generate the private key && certificate.

  Alan DeKok.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list