EAP-TLS with multiple certificates
Hello everyone. I'm using freeradius-3.0.15 on ubuntu 16.04. I manage one SSID with WPA2-Enterprise based on certificates. My idea is to issue user certificates signed by different CAs, then user to vlan based on an user certificate issuer. I use default server with eap module that requests check-eap-tls site to check TLS-Client-Cert-Issuer attribute. Also I changed /etc/freeradius/mods-config/files/authorize to reflect vlan id depending on issuer. Tell me please is it right thinking and is it possible at all? Earlier I tried to create two eap modules but no success yet. -- Best regards, Alex Morozenko
On Jul 13, 2018, at 11:08 AM, Алексей Морозенко <alexmorozenko@gmail.com> wrote:
Hello everyone. I'm using freeradius-3.0.15 on ubuntu 16.04. I manage one SSID with WPA2-Enterprise based on certificates. My idea is to issue user certificates signed by different CAs, then user to vlan based on an user certificate issuer.
I use default server with eap module that requests check-eap-tls site to check TLS-Client-Cert-Issuer attribute.
Also I changed /etc/freeradius/mods-config/files/authorize to reflect vlan id depending on issuer.
Tell me please is it right thinking and is it possible at all?
Earlier I tried to create two eap modules but no success yet.
Stick all the CAs in the same PEM file, use the attributes from CA cert in the EAP-TLS virtual server. Should work. -Arran
participants (2)
-
Arran Cudbard-Bell -
Алексей Морозенко