Multiple server certificates in EAP-TLS or EAP-TTLS
Eshun Benjamin
bkeshun at yahoo.fr
Wed May 30 07:22:30 CEST 2007
There was a post on this by Mike:
You'll have to set up two instances of the EAP module. The first
instance will have the TLS submodule set up with the information for
Cert1.pem (and the appropriate key and CA cert). The second instance
will have its TLS submodule set with the info for Cert2.pem. It will
look something like this:
    modules {
        ...
        eap eap1 {
            ...
            tls {
                certificate = Cert1.pem
                ...
            }
        }
        eap eap2 {
            ...
            tls {
                certificate = Cert2.pem
                ...
            }
        }
    }
    authorize {
        ...
        eap1
    }
    authenticate {
        ...
        eap1
        eap2
    }
Then, this is one of the few instances where you'll need to manually
specify the Auth-Type in the users file, like this:
DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2
Or, better yet, use regexes (this should work):
DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1
==================================================
Benjamin K. Eshun
----- Original Message ----
From: Don Peoples <dpeoples at NAVINI.com>
To: freeradius-users at lists.freeradius.org
Sent: Tuesday, 29 May 2007, 23:27:06
Subject: Multiple server certificates in EAP-TLS or EAP-TTLS
Multiple RADIUS clients can be defined in the clients.conf file. Is there a way to define the location of a server certificate for each client? I'm envisioning a single freeRadius server supporting multiple client authenticators. I want each authenticator to be able to send a unique certificate to identify itself to its supplicants. It appears that the "certificate_file" parameter in the eap.conf file would only support a single certificate.
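
Added example, not part of the original message or of FreeRADIUS: a simplified Python model of how the users-file entries quoted above pick an EAP instance (and so a server certificate) from Called-Station-ID, showing why the regex form keeps working when the AP MAC or its formatting differs. The SSID2 regex entry, the sample Called-Station-ID values and the function names are assumptions, and `=` is treated as an equality check, as the post intends.

```python
import re

# Entries from the post. The SSID2 regex line is an assumption: the post
# shows the regex form for SSID1 only.
EXACT_RULES = '''
DEFAULT Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
DEFAULT Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2
'''
REGEX_RULES = '''
DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1
DEFAULT Called-Station-ID =~ ":SSID2$", Auth-Type := eap2
'''

# Only the one line shape used in the post is modelled here.
LINE = re.compile(
    r'^DEFAULT\s+Called-Station-ID\s+(=~|==|=)\s+"([^"]*)",'
    r'\s*Auth-Type\s+:=\s+(\S+)$'
)

def parse(text):
    """Turn users-file lines into (operator, value, auth_type) tuples."""
    rules = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            raise ValueError("unsupported users-file line: " + raw)
        rules.append(m.groups())
    return rules

def select_auth_type(rules, called_station_id):
    """First matching entry wins; None means no entry forced an Auth-Type."""
    for op, value, auth_type in rules:
        if op == "=~":
            hit = re.search(value, called_station_id) is not None
        else:  # "=" / "==" modelled as exact string comparison
            hit = called_station_id == value
        if hit:
            return auth_type
    return None

def compare(samples):
    """Map each sample to (exact-rule result, regex-rule result)."""
    exact, regex = parse(EXACT_RULES), parse(REGEX_RULES)
    return {s: (select_auth_type(exact, s), select_auth_type(regex, s))
            for s in samples}

if __name__ == "__main__":
    # Constructed Called-Station-ID values, not captured from a real NAS.
    for cs_id, result in compare(["00112233445566:SSID1", "00-11-22-33-44-55:SSID2",
            "00112233445566:GUEST-SSID1", "00112233445566:SSID3"]).items():
        print(cs_id, result)
```

A result of None for a request means neither entry selected an EAP instance for it, which is worth checking for every SSID the access points actually advertise.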