8 Jun
2015
8 Jun
'15
9:01 a.m.
On Jun 8, 2015, at 8:38 AM, Christian Bösch <boesch@fhv.at> wrote:
I have Cisco IP phones which do 802.1X EAP-TLS with their manufactoring installed cert. Behind (through the internal switch in the phone) there are clients which do 802.1X PEAP. So the phone needs to validate against the Cisco CA and the client against another CA. Is there any fallback mechanism so that I can specify 2 CA_file lines in the eap config file?
Read the comments in the EAP module configuration. # Trusted Root CA list # # ALL of the CA's in this list will be trusted # to issue client certificates for authentication. That answers your question. Alan DeKok.