Migrating FR3 instance

Matthew Newton mcn at freeradius.org
Fri Nov 1 21:29:48 CET 2019


On Fri, 2019-11-01 at 16:22 -0400, Ted Hyde (RSI) wrote:
> Greets - I would like to migrate a test platform I have in a VM (FR3 
> 3.0.12 on Debian 9) to a bare-metal deployment of same, but keep the 
> client certificates as used in the VM instance. The bare-metal
> version 
> already has other things installed, including a clean copy of FR3,
> so 
> it's not as easy as simply imaging the appliance back to bare-metal.
> I 
> am using eap-tls auth for a NAS, and wireless clients already have
> both 
> the ca certificate and client certificates installed on them and 
> functional. Given that this is a bare-metal install target that
> still 
> has the snakeoil/testing certificates installed, is there a 
> preferred/working method to copy the existing certs across and not 
> destroy the entire system in the process?

FreeRADIUS only uses the certs/keys that are given in the
configuration. So look in mods-enabled/eap (or other similar locations)
and see what files are being included. If they're still in the normal
place then they'll be in the certs/ dir.

Likelihood is it's just a certificate file (possibly with the full
chain), a key file, and a ca root cert file.

"freeradius -XC | grep pem" will probably list everything.

Just copy those over.

Back up the config before you start so you can roll back if needs be
and you can't really go wrong.

-- 
Matthew




More information about the Freeradius-Users mailing list