Greets - I've just recently returned back to the 'ol-RADIUS-game' and was pleasantly surprised to see how much easier it has become. I was able to accelerate through PAP/MD5/LEAP and for the past week have been dancing around full-on EAP-TLS for wireless supplicants, and am happy to be successful. I built our certs using OpenSSL, and have a variety of sup's to deploy, including ipads and windows devices. It dawned on me just now that some of the ipads would like to actually roam amongst different server setups - completely different physical networks, which could be accommodated with different SSIDs and certs, just load them all onto the ipads and go. That seems to be a little bit of a headache to scale up to larger numbers. We did try to anticipate this to some extent as our current wifi setup is a single SSID for all of our wifi networks, regardless of their physical location (spanning different cities even), but we were using WPA2/PSK, so it was pretty easy to administer. I would love to maintain that "walk-and-go" ability that a single SSID and PSK combo gave us. With the certificates, however, they get locked to a common name for installation, and I have traditionally always used the server name for that. For a lot of reasons, the server names are different site to site, so using the server names for common names in the certificates results in many certificates. ie: site01-s1, site02-s1, site03-s1....... Can I use a single common name (ie. myglobalsites) for the certificate set across my entire domain, and simply copy the entire set, (ca/pem/der/p12) from site to site? Does openssl and freeradius together use any hardware info (CPU serial, resolved ip addr, etc) that would cause a copied cert to crash? I am aware of "Cert builder apps" as well as traditional (verisign) SSL-certs that are built off-site that would have no idea of my actual hardware config, so my understanding is that this would work. However I have not used the standalone apps for building, only openssl on the host machine (and prior to this just for VPN security, which was pretty straightforward). I realize this may be a little more openssl-oriented than freeradius specifically, however I'm curious if anyone has experience with the process having a specific relationship or change to freeradius. Thanks in advance! Regards, Ted.