Replacement certificate

Alan DeKok aland at
Tue Jun 14 17:50:29 UTC 2022

On Jun 14, 2022, at 9:07 AM, 网络时代 via Freeradius-Users <freeradius-users at> wrote:
> I want to replace the certificate generated by Freeradius with the certificate made by "MikroTik".
> Let me introduce the process of replacing the certificate, enter the certificate directory, use "$ rm -f *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*", delete the old certificate, Use SFTP to upload the certificate file produced by MikroTik and convert it into a certificate file with the corresponding name and format. The uploaded certificate category is shown in the screenshot below, and the final debugging output will report an error.
> Where am I doing wrong?
> ...
> tls: Failed reading private key file "/usr/local/etc/raddb/certs/server.pem"
> tls: error:0906D06C:PEM routines:PEM_read_bio:no start line
> tls: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
> rlm_eap_tls: Failed initializing SSL context

  The certificate isn't in PEM format.

  Use the OpenSSL tools to convert the certificate to PEM format.

  Alan DeKok.

More information about the Freeradius-Users mailing list