Can freeradius support multiple client CA certificates?
Zhang, Ge (Gina)
gina.zhang at alcatel-lucent.com
Mon Jun 21 20:38:44 CEST 2010
John,
Thanks a lot for your response. If I configure multiple virtual server, would it be possible?
Thanks a lot,
Gina Zhang
-----Original Message-----
From: John Dennis [mailto:jdennis at redhat.com]
Sent: Monday, June 21, 2010 12:34 PM
To: Zhang, Ge (Gina)
Cc: FreeRadius users mailing list
Subject: Re: Can freeradius support multiple client CA certificates?
On 06/21/2010 01:01 PM, Zhang, Ge (Gina) wrote:
> John,
>
> Is it possible to support multiple sets of server certificates so that
> one group customer would use one server CA file?
This is a basic PKI question, not really FreeRADIUS. In PKI there can only be one certificate per server. You would have to have different servers with different names and addresses.
The purpose of a server certificate is to prove to the client the server it is connecting to is really the server it expects and is not a man in the middle attack.
There is no way to configure the server to present different certificates based on which client is connecting and there really isn't much point.
I'm not sure why you would want to do this.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list