Per-user TLS certificates with FreeRADIUS



  • I made the move to 2.4 beta a few weeks ago when I was having issues with gui locking up with 2.3 so I figured what the hell since it was a major redo implementing a new switch in the middle of pfsense and wifi, long story. I decided to give freeradius a try yesterday and it worked first try to my amazement, password with eap ttls. I want user certificates to work though. While working on the certificates I noticed my letsencrypt ca and certificates expire July 14 so I went to update them and the lets encrypt certificate with all my hosts didn't make it through one of my upgrades. I set it up again but the CA it sent to cert mgr doesn't have the CA key, maybe a bit off topic I guess. I can't seem to get certificates authentication to work. Am I missing something? I was thinking there would be somewhere in the users profile in freeradius to specify a certificate. I don't want to use the same one for everyone, hence back to my certificate issue