On Wed, Sep 09, 2015 at 10:43:34AM -0500, Matt Zagrabelny wrote:
With EAP-TLS, can one reuse the same client cert across multiple devices?
I'm guessing "yes", but would appreciate confirmation.
Yes, FR doesn't care about where the certificate from, only that it's valid. But then when you need to remove one client from the network, you revoke its certificate and... ...so no, it's not a good idea for several reasons.
Tangentially, is there a way to "pin" a certificate to a client's MAC address?
Yes, with grand illusions of security that don't exist. Until a recent O/S comes along and starts using random MAC addresses, that is. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>