Can I use two or more freeradius server certificates for the same virtual site?

Alan DeKok aland at
Thu Nov 1 13:57:05 CET 2018

On Nov 1, 2018, at 7:07 AM, work vlpl <thework.vlpl at> wrote:
> Certificates have limited lifespan. And when certificate will expire,
> there is a probability that new certificate will not be trusted by
> clients with old configuration.

  Which certificate do you mean?  The client trusts the CA cert.  The server cert is derived from that.

> I am searching the way to smooth it.
> One of the ideas is to configure freeradius to use two server
> certificates. They will have different expiration date. So the old
> clients will be able to use old certificate and the new clients or
> clients with updated configuration will be able to accept new server
> certificate.

  If you're using the same CA cert, just change the server certificate.  All clients should accept the new server certificate automatically.

> So, is it possible to use two or more freeradius server certificates?

  Not really in the way that you're asking.  Because it shouldn't be necessary.

  Alan DeKok.

More information about the Freeradius-Users mailing list