Freeradius 1.7.8 on pfsense 2.4.0 : eap-tls bug on ca+crl pem file output
-
pfsense 2.4.0 fresh install ( 2.4.0.b.20170422.1955 )
freeradius2 ( 1.7.8 ): configuring eap-tls ca and crl produces pem file output ( /usr/local/etc/raddb/certs/ca_cert.pem ) like this:
-----BEGIN CERTIFICATE-----
here my ca certificate.......
-----END CERTIFICATE----------BEGIN X509 CRL-----
here my crl certificate......
-----END X509 CRL-----
instead of this, which is what it should be:
-----BEGIN CERTIFICATE-----
here my ca certificate.......
-----END CERTIFICATE-----
-----BEGIN X509 CRL-----
here my crl certificate......
-----END X509 CRL-----
The "cr" (carriage return) is missing at the bottom of the ca cert.
This results in the radius service stopping with the error:
/usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section
and you can't re-start it….
You need to manually edit the ca_cert.pem file, insert the missing "cr" and... the radius service can start regularly :-)
NOTE: I notice this only in the 2.4.0 release (this is my first install of the new release), no issue in my other 2.3.4 (same 1.7.8 radius).
-
solved!
https://github.com/pfsense/FreeBSD-ports/pull/344
thanks doktornotor!
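The fused END/BEGIN boundary described in the report can be detected and repaired before the file is handed to the RADIUS server. The following is an added example, not code from the thread or from the pfSense package: the function names and the sample bundle are constructed for illustration, and it checks only PEM framing and base64, not whether the blocks are valid X.509 objects.

```python
import base64
import re

# An END marker directly followed (same line) by a BEGIN marker, as in the report.
FUSED = re.compile(r"(-----END [A-Z0-9 ]+-----)[ \t]*(?=-----BEGIN )")
# One well-formed block: BEGIN line, body, matching END line, then newline or EOF.
BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----[ \t]*(?:\r?\n|$)",
    re.S)

# Constructed sample: placeholder base64 bodies, CA cert and CRL joined without a newline.
SAMPLE_FUSED = ("-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----"
                "-----BEGIN X509 CRL-----\nREVG\n-----END X509 CRL-----\n")


def repair_pem_bundle(text):
    """Return (fixed_text, repairs): every BEGIN marker moved to its own line."""
    fixed, repairs = FUSED.subn(r"\1\n", text)
    if not fixed.endswith("\n"):
        fixed += "\n"  # make sure the next append cannot fuse with the last block
    return fixed, repairs


def parse_pem_bundle(text):
    """Strictly parse a bundle into [(label, der_bytes)]; raise ValueError if malformed."""
    blocks, pos = [], 0
    for m in BLOCK.finditer(text):
        if text[pos:m.start()].strip():
            raise ValueError("unparsed data before %s block" % m.group(1))
        try:
            der = base64.b64decode("".join(m.group(2).split()), validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("bad base64 in %s block: %s" % (m.group(1), exc))
        blocks.append((m.group(1), der))
        pos = m.end()
    if text[pos:].strip():
        raise ValueError("trailing data that is not a complete PEM block")
    return blocks


def check_and_repair(text):
    """Repair fused boundaries, then verify the result parses; return (text, labels)."""
    fixed, _ = repair_pem_bundle(text)
    return fixed, [label for label, _ in parse_pem_bundle(fixed)]
```

Running `check_and_repair` on the contents of a bundle such as ca_cert.pem gives the corrected text plus the list of block labels it contains, which makes a missing or merged CRL block visible before the service is restarted.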