multiple CAs
Alan DeKok
aland at deployingradius.com
Mon Jun 8 15:01:10 CEST 2015
On Jun 8, 2015, at 8:38 AM, Christian Bösch <boesch at fhv.at> wrote:
> I have Cisco IP phones which do 802.1X EAP-TLS with their manufactoring installed cert.
> Behind (through the internal switch in the phone) there are clients which do 802.1X PEAP.
> So the phone needs to validate against the Cisco CA and the client against another CA.
> Is there any fallback mechanism so that I can specify 2 CA_file lines in the eap config file?
Read the comments in the EAP module configuration.
# Trusted Root CA list
#
# ALL of the CA's in this list will be trusted
# to issue client certificates for authentication.
That answers your question.
Alan DeKok.
More information about the Freeradius-Users
mailing list