Can I disable user certificate? Can I generate new one?
Alan DeKok
aland at deployingradius.com
Fri Nov 18 16:28:30 CET 2011
asdf zxcv wrote:
> What if - for some reason - I want to disallow certain user from having
> access? He already has the files he needs installed on his machine. I
> can set Expiration attribute, but is there any other way?
For EAP-TLS, use a CRL. See the OpenSSL documentation.
> 2)
> What if I need to generate a new certificate for the same user? Let's
> say someone gained access to his computer and stole the certificate and
> the key? Can I generate a new certificate for the same user and disable
> the old one he had?
Use CRLs. This is more an OpenSSL question. FreeRADIUS uses
certificates, but it doesn't manage them. You want certificate
management. So... it's not really a FreeRADIUS question.
Alan DeKok.
More information about the Freeradius-Users
mailing list