Can I disable user certificate? Can I generate new one?

Alan DeKok aland at
Fri Nov 18 16:28:30 CET 2011

asdf zxcv wrote:
> What if - for some reason - I want to disallow certain user from having
> access? He already has the files he needs installed on his machine. I
> can set Expiration attribute, but is there any other way?

  For EAP-TLS, use a CRL.  See the OpenSSL documentation.

> 2)
> What if I need to generate a new certificate for the same user? Let's
> say someone gained access to his computer and stole the certificate and
> the key? Can I generate a new certificate for the same user and disable
> the old one he had?

  Use CRLs.  This is more an OpenSSL question.  FreeRADIUS uses
certificates, but it doesn't manage them.  You want certificate
management.  So... it's not really a FreeRADIUS question.

  Alan DeKok.

More information about the Freeradius-Users mailing list