FreeRADIUS with 2 certs/CAs etc
Garber, Neal
Neal.Garber at energyeast.com
Thu Oct 1 04:54:11 CEST 2009
> as Alan Dekok said...deploy a new CA in advanced
> and then sign server with that new CA and put cert into place.
I read Alan's reply and it's logical (as usual ;-) ).
Perhaps it wasn't stated because it was intuitively obvious, but the only thing I would add is that when the new CA cert is deployed to the clients, their wireless config should also be changed to accept both the new and old CA. This way, when you eventually switch FR to the cert signed by the new CA, it will be accepted.
More information about the Freeradius-Users
mailing list