Is it possible to query freeradius' certificate expiration remotely?

Arnaud LAURIOU arnaud.lauriou at renater.fr
Tue May 2 07:28:06 UTC 2023


You can check a certificate with eapol_test and even save it to a local 
file with '-o' option.
Check man pages for wpa_supplicant and eapol_test.


On 5/2/23 02:04, Matt H wrote:
> Is it possible to query freeradius' certificate expiration date remotely
> for the cert in /etc/raddb/certs?
>
> I'm trying to set up an alert so there's notification when the cert is <60
> days from requiring renewal.
>
> I'm trying the following but the command returns connection refused on all
> of the ports I expected it to work on:
>
> openssl s_client -servername rad2.domain.com -connect rad2.domain.com:1813
> | openssl x509 -noout -dates
>
> I've tried ports 443, 8080, 88, 1812, 1813, 1645, 1646, and everything else
> I can find that might be listening, to no avail.
>
> Thanks for any guidance
> /mh
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list