Is it possible to query freeradius' certificate expiration remotely?

Kristofer Hallin kristofer at sunet.se
Tue May 2 05:12:29 UTC 2023


No, there are no functionality in FreeRADIUS to do that. And you get connection refused since FreeRADIUS listen on UDP ports. 

/K

> On 2 May 2023, at 02:05, Matt H <meh1963 at gmail.com> wrote:
> 
> Is it possible to query freeradius' certificate expiration date remotely
> for the cert in /etc/raddb/certs?
> 
> I'm trying to set up an alert so there's notification when the cert is <60
> days from requiring renewal.
> 
> I'm trying the following but the command returns connection refused on all
> of the ports I expected it to work on:
> 
> openssl s_client -servername rad2.domain.com -connect rad2.domain.com:1813
> | openssl x509 -noout -dates
> 
> I've tried ports 443, 8080, 88, 1812, 1813, 1645, 1646, and everything else
> I can find that might be listening, to no avail.
> 
> Thanks for any guidance
> /mh
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list