EAP-TLS with different CA per user?

Frank Sweetser fs at WPI.EDU
Fri Jun 6 20:07:25 CEST 2008

I have a configuration which I need, but haven't been able to figure out how 
to make freeradius do it.

I have two users, A and B, both authenticating over wireless using EAP-TLS. 
User A has a certificate which has been signed by CA X, and B has one signed 
by CA Y.

What I need is to tell freeradius that certificates presented by user A should 
only be checked against CA X, and similarly B only by Y.  Putting both X and Y 
in the same CA list won't work in this case due to what appears to be a 
limitation in OpenSSL.

I've been over all the existing docs I can find, and I haven't been able to find 
any way to do this.  Anyone have any suggestion what I might try?

Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
     GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC
