eap-tls certificates
Munroe Sollog
mus3 at lehigh.edu
Fri Oct 8 17:50:31 CEST 2021
You're right. I was conflating the role of freeradius and the role of
storing the certificates for distribution to the end users.
On Fri, Oct 8, 2021 at 11:47 AM Alan DeKok <aland at deployingradius.com>
wrote:
> On Oct 8, 2021, at 10:41 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:
> >
> > I'm reading:
> > http://deployingradius.com/documents/configuration/certificates.html
> >
> > It mentions,
> >
> > "You need to edit client.cnf only if you are using EAP-TLS. If not, then
> > that file can be left as-is."
> >
> > Though it doesn't say, I'm assuming i need to edit the [req] and [client]
> > sections? For the [client] section, do I need an entry for every unique
> > client I plan on deploying a certificate to? I'm asking because I don't
> > understand the emailAddress and commonName fields in this context.
>
> The email address and common name fields are pretty descriptive.
>
> Every client certificate needs to be unique. The best way to do this is
> to give them unique names.
>
> > Finally, is there any documentation on how to scale this solution up to
> > support 15k-20k users? I'm hoping something like LDAP or RDBMS is an
> > option?
>
> To do what?
>
> The server doesn't need to store the client certificates. So any DB is
> not relevant here.
>
> What would you store in the DB?
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Munroe Sollog (He/Him/His)
Network Architect
munroe at lehigh.edu
More information about the Freeradius-Users
mailing list