Can freeradius support multiple client CA certificates?

Zhang, Ge (Gina) gina.zhang at
Mon Jun 21 22:05:46 CEST 2010


Thank you so much for your help! I am going to try that on my system.

Gina Zhang 

-----Original Message-----
From: Robert Franklin [mailto:rcf34 at] 
Sent: Monday, June 21, 2010 3:03 PM
To: FreeRadius users mailing list
Cc: Zhang, Ge (Gina)
Subject: Re: Can freeradius support multiple client CA certificates?

On 21 Jun 2010, at 19:53, John Dennis wrote:

> A (FreeRADIUS) virtual server does not have a different IP address nor would it have different subject names nor subject alt names.
> I'm not getting the feeling you understand how PKI works, it might be worthwhile to read up on it.

When testing a new server certificate with a different chain to a new root CA, I set up a separate eap module with different certificates.

The two EAP modules were selected using the realm in the username -- something at gave the normal certificates and something at gave the new ones but used the same backend SQL lookup to find account information.

  - Bob

More information about the Freeradius-Users mailing list