Sharing a client cert for EAP-TLS with many identical devices?

Alan DeKok aland at
Thu May 7 16:12:27 CEST 2015

On May 7, 2015, at 9:41 AM, Martin Pauly <pauly at> wrote:
> not exactly an FR problem, but at least I hope not a trivial question:
> My institution is taking part in a program to test the use of 100+ WiFi
> Clients handed out to students for use during a lecture or even for
> online exams. So we have 140 iPads along with a "filling station"
> for easy bulk configuration. WiFi auth will be done with EAP-TLS
> against FR. Now my question: Do I definitely need 140 client certs
> to deploy them on the iPads or could I get along with one cert for #
> all?

  The point of client certs is that they are per-client.  i.e. unique to each client.

> The only drawback I can see is that if one iPad gets lost,
> I have to renew the client cert on _all_ of them, which I
> could bear due to the easy bulk config. Anything else?

  Don't do hacks.  Do it properly.

  Alan DeKok.

More information about the Freeradius-Users mailing list