freeradius, samba, AD peap/mschap-v2 redundancy and Certificate

Kevin Ehlers kevin at uoregon.edu
Wed Sep 15 20:19:10 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/15/10 11:07 AM, schilling wrote:
> For certificate, do we need a server certificate for both radius1 and
> radius2 if we want supplicant to verify the server certificate?

Just a note on this, you can get a single certificate with SANs (Subject
Alternative Names), and use the same cert on both machines.  It's
sometimes cheaper to go this route.  Also, you can add more SANs and get
the CA to issue you a new cert.  This also allows you to have your two
production machines, and a test machine that use the same cert.  That
way you can test new configurations without having to worry about PKI
issues.

- -- 
Kevin Ehlers
Network Engineer
University of Oregon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyRDh4ACgkQ0l216NgIDrwtawCfYWUWwHQwqM/d1Pr40wL7sn2A
UjUAniQqSI2tqzmTWVk0N/T6x5w3yx10
=Jncp
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list