Can freeradius support multiple client CA certificates?
Zhang, Ge (Gina)
gina.zhang at alcatel-lucent.com
Mon Jun 21 22:05:46 CEST 2010
Bob,
Thank you so much for your help! I am going to try that on my system.
Regards,
Gina Zhang
-----Original Message-----
From: Robert Franklin [mailto:rcf34 at cam.ac.uk]
Sent: Monday, June 21, 2010 3:03 PM
To: FreeRadius users mailing list
Cc: Zhang, Ge (Gina)
Subject: Re: Can freeradius support multiple client CA certificates?
On 21 Jun 2010, at 19:53, John Dennis wrote:
> A (FreeRADIUS) virtual server does not have a different IP address nor would it have different subject names nor subject alt names.
>
> I'm not getting the feeling you understand how PKI works, it might be worthwhile to read up on it.
When testing a new server certificate with a different chain to a new root CA, I set up a separate eap module with different certificates.
The two EAP modules were selected using the realm in the username -- something at cam.ac.uk gave the normal certificates and something at test.cam.ac.uk gave the new ones but used the same backend SQL lookup to find account information.
- Bob
More information about the Freeradius-Users
mailing list