Can freeradius support multiple client CA certificates?
rcf34 at cam.ac.uk
Mon Jun 21 22:03:21 CEST 2010
On 21 Jun 2010, at 19:53, John Dennis wrote:
> A (FreeRADIUS) virtual server does not have a different IP address nor would it have different subject names nor subject alt names.
> I'm not getting the feeling you understand how PKI works, it might be worthwhile to read up on it.
When testing a new server certificate with a different chain to a new root CA, I set up a separate eap module with different certificates.
The two EAP modules were selected using the realm in the username -- something at cam.ac.uk gave the normal certificates and something at test.cam.ac.uk gave the new ones but used the same backend SQL lookup to find account information.
More information about the Freeradius-Users