On Nov 1, 2018, at 7:07 AM, work vlpl <thework.vlpl@gmail.com> wrote:
Certificates have limited lifespan. And when certificate will expire, there is a probability that new certificate will not be trusted by clients with old configuration.
Which certificate do you mean? The client trusts the CA cert. The server cert is derived from that.
I am searching the way to smooth it. One of the ideas is to configure freeradius to use two server certificates. They will have different expiration date. So the old clients will be able to use old certificate and the new clients or clients with updated configuration will be able to accept new server certificate.
If you're using the same CA cert, just change the server certificate. All clients should accept the new server certificate automatically.
So, is it possible to use two or more freeradius server certificates?
Not really in the way that you're asking. Because it shouldn't be necessary. Alan DeKok.