Can freeradius support multiple client CA certificates?

Robert Franklin rcf34 at cam.ac.uk
Mon Jun 21 22:03:21 CEST 2010


On 21 Jun 2010, at 19:53, John Dennis wrote:

> A (FreeRADIUS) virtual server does not have a different IP address nor would it have different subject names nor subject alt names.
> 
> I'm not getting the feeling you understand how PKI works, it might be worthwhile to read up on it.

When testing a new server certificate with a different chain to a new root CA, I set up a separate eap module with different certificates.

The two EAP modules were selected using the realm in the username -- something at cam.ac.uk gave the normal certificates and something at test.cam.ac.uk gave the new ones but used the same backend SQL lookup to find account information.

  - Bob





More information about the Freeradius-Users mailing list