802.1x Wi-Fi with FreeIPA workstation certificates
FreeRADIUS: issue server certificates
Issue server certificates
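Prepare folders for the FreeRADIUS certificates (with --parents, --mode applies only to the last directory in each path; parent directories get the umask default):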
mkdir --parents --mode=750 /etc/freeradius/3.0/tls/private
mkdir --parents --mode=755 /etc/freeradius/3.0/tls/certs/ca/wifi
chown --recursive freerad:freerad /etc/freeradius/3.0/tls
Issue a certificate and have certmonger track it:
ipa-getcert request \
    --id=radius_wifi \
    --profile=caIPAserviceCert \
    --renew \
    --keyfile=/etc/freeradius/3.0/tls/private/wifi.key \
    --key-owner=freerad \
    --key-perms=640 \
    --certfile=/etc/freeradius/3.0/tls/certs/wifi.crt \
    --cert-owner=freerad \
    --cert-perms=644 \
    --ca-file=/etc/freeradius/3.0/tls/certs/ca/wifi/wifi.ca.crt \
    --wait \
    --wait-timeout=60 \
    --key-size=2048
Fix ownership of the generated files:
chown --recursive freerad:freerad /etc/freeradius/3.0/tls
Check that the certificate has been issued:
ipa-getcert list --id=radius_wifi
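The final check can be scripted, for example for a monitoring job. The following is an added example, not part of the original page: the function names are hypothetical and the sample `ipa-getcert list` output is constructed, with placeholder hostname and dates.

```shell
#!/bin/sh
# Constructed sample of `ipa-getcert list --id=radius_wifi` output
# (not captured from a real host; subject and expiry are placeholders).
SAMPLE="Number of certificates and requests being tracked: 1.
Request ID 'radius_wifi':
	status: MONITORING
	stuck: no
	key pair storage: type=FILE,location='/etc/freeradius/3.0/tls/private/wifi.key'
	certificate: type=FILE,location='/etc/freeradius/3.0/tls/certs/wifi.crt'
	CA: IPA
	subject: CN=radius.example.test,O=EXAMPLE.TEST
	expires: 2027-01-01 00:00:00 UTC
	track: yes
	auto-renew: yes"

# field NAME: print the value of the first "NAME: value" line read from stdin.
field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_tracking: read getcert output on stdin; succeed only if the request is
# issued and tracked (MONITORING), not stuck, and set to renew automatically.
check_tracking() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | field status)
    stuck=$(printf '%s\n' "$out" | field stuck)
    renew=$(printf '%s\n' "$out" | field auto-renew)
    if [ "$status" = MONITORING ] && [ "$stuck" = no ] && [ "$renew" = yes ]; then
        return 0
    fi
    echo "radius_wifi not healthy: status=$status stuck=$stuck auto-renew=$renew" >&2
    return 1
}

# key_private FILE: succeed only if "other" has no permission bits on FILE,
# which is what --key-perms=640 should produce for the private key.
key_private() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Demo on the constructed sample. On a real host use:
#   ipa-getcert list --id=radius_wifi | check_tracking
#   key_private /etc/freeradius/3.0/tls/private/wifi.key
printf '%s\n' "$SAMPLE" | check_tracking && echo "tracking OK"
```

Any status other than MONITORING (for example CA_UNREACHABLE) makes check_tracking return non-zero and print the observed fields to stderr.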