Can freeradius support multiple client CA certificates?
Zhang, Ge (Gina)
gina.zhang at alcatel-lucent.com
Mon Jun 21 19:01:13 CEST 2010
John,
Is it possible to support multiple sets of server certificates so that one group customer would use
one server CA file?
Thanks a lot!
Regards,
Gina Zhang
-----Original Message-----
From: freeradius-users-bounces+gina.zhang=alcatel-lucent.com at lists.freeradius.org [mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent.com at lists.freeradius.org] On Behalf Of Zhang, Ge (Gina)
Sent: Monday, June 21, 2010 11:52 AM
To: John Dennis; FreeRadius users mailing list
Subject: RE: Can freeradius support multiple client CA certificates?
John,
Thank you very much for the information! I will try it.
Regards,
Gina
-----Original Message-----
From: John Dennis [mailto:jdennis at redhat.com]
Sent: Monday, June 21, 2010 11:20 AM
To: FreeRadius users mailing list
Cc: Zhang, Ge (Gina)
Subject: Re: Can freeradius support multiple client CA certificates?
On 06/21/2010 12:00 PM, Zhang, Ge (Gina) wrote:
> Hi list,
>
> Is it possible to support multiple client CA certificates?
> Suppose we want to support different customer groups. Each group has
> its own CA certificate. Can freeradius support that?
Yes, if the CA's are in a bundle set CA_file in eap.conf, if they are individual in a directory set CA_path instead.
If you don't understand the above read some OpenSSL documentation,
man SSL_CTX_load_verify_locations
would be a good place to start.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list