-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/15/10 11:07 AM, schilling wrote:
For certificate, do we need a server certificate for both radius1 and radius2 if we want supplicant to verify the server certificate?
Just a note on this, you can get a single certificate with SANs (Subject Alternative Names), and use the same cert on both machines. It's sometimes cheaper to go this route. Also, you can add more SANs and get the CA to issue you a new cert. This also allows you to have your two production machines, and a test machine that use the same cert. That way you can test new configurations without having to worry about PKI issues. - -- Kevin Ehlers Network Engineer University of Oregon -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyRDh4ACgkQ0l216NgIDrwtawCfYWUWwHQwqM/d1Pr40wL7sn2A UjUAniQqSI2tqzmTWVk0N/T6x5w3yx10 =Jncp -----END PGP SIGNATURE-----