Multiple server certificates in EAP-TLS or EAP-TTLS

Eshun Benjamin bkeshun at yahoo.fr
Wed May 30 07:22:30 CEST 2007


There was a post on this by Mike:

You'll have to set up two instances of the EAP module.  The first  
instance will have the TLS submodule set up with the information for  
Cert1.pem (and the appropriate key and CA cert).  The second instance  
will have its TLS submodule set with the info for Cert2.pem.  It will  
look something like this:

modules {
   ...
   eap eap1 {
     ...
     tls {
       certificate = Cert1.pem
       ...
     }
   }
   eap eap2 {
     ...
     tls {
       certificate = Cert2.pem
       ...
     }
   }
}

authorize {
   ...
   eap1
}

authenticate {
   ...
   eap1
   eap2
}



Then, this is one of the few instances where you'll need to manually  
specify the Auth-Type in the users file, like this:

DEFAULT    Called-Station-ID = "00112233445566:SSID1", Auth-Type := eap1
DEFAULT    Called-Station-ID = "00112233445566:SSID2", Auth-Type := eap2

Or, better yet, use regexes (this should work):
DEFAULT Called-Station-ID =~ ":SSID1$", Auth-Type := eap1


 
================================================== 
Benjamin K. Eshun

----- Original Message ----
From: Don Peoples <dpeoples at NAVINI.com>
To: freeradius-users at lists.freeradius.org
Sent: Tuesday, 29 May 2007, 23:27:06
Subject: Multiple server certificates in EAP-TLS or EAP-TTLS

Multiple RADIUS clients can be defined in the clients.conf file. Is there a way to define the location of a server certificate for each client? I'm envisioning a single freeRadius server supporting multiple client authenticators. I want each authenticator to be able to send a unique certificate to identify itself to its supplicants. It appears that the "certificate_file" parameter in the eap.conf file would only support a single certificate.
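
The regex routing suggested in the post above, as an added example that is not part of the original messages: a Python check that runs sample Called-Station-ID values through the users-file patterns and reports any SSID that would be handed to the wrong EAP instance, and so be shown the wrong server certificate. The unanchored rule set and every sample value are constructed for illustration, and Python's `re` is assumed to behave like the server's regex engine for these simple patterns.

```python
import re

# Rules in the post's regex form: (pattern for Called-Station-ID, Auth-Type).
ANCHORED = [(r":SSID1$", "eap1"), (r":SSID2$", "eap2")]
# Hypothetical sloppy variant without the ":" prefix and "$" anchor.
UNANCHORED = [(r"SSID1", "eap1"), (r"SSID2", "eap2")]

# Constructed samples: (Called-Station-ID, expected Auth-Type).
# None means no users-file entry should match this SSID.
SAMPLES = [
    ("00112233445566:SSID1", "eap1"),
    ("00112233445566:SSID2", "eap2"),
    ("00112233445566:SSID10", None),       # different SSID, shared prefix
    ("00112233445566:SSID2-guest", None),  # different SSID, shared prefix
    ("00112233445566:xSSID1", None),       # different SSID, shared suffix
]


def select_auth_type(called_station_id, rules):
    """First matching entry wins, as with DEFAULT entries without Fall-Through."""
    for pattern, auth_type in rules:
        if re.search(pattern, called_station_id):
            return auth_type
    return None


def audit(rules, samples=SAMPLES):
    """Return (called_station_id, expected, actual) for each misrouted sample."""
    problems = []
    for csid, expected in samples:
        actual = select_auth_type(csid, rules)
        if actual != expected:
            problems.append((csid, expected, actual))
    return problems


if __name__ == "__main__":
    for name, rules in (("anchored", ANCHORED), ("unanchored", UNANCHORED)):
        problems = audit(rules)
        print(f"{name}: {len(problems)} misrouted")
        for csid, expected, actual in problems:
            print(f"  {csid}: expected {expected}, got {actual}")
```

Replace SAMPLES with the SSIDs your access points actually advertise before relying on the result.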

