reuse EAP-TLS client certificate

Matthew Newton mcn4 at
Wed Sep 9 17:51:34 CEST 2015

On Wed, Sep 09, 2015 at 10:43:34AM -0500, Matt Zagrabelny wrote:
> With EAP-TLS, can one reuse the same client cert across multiple devices?
> I'm guessing "yes", but would appreciate confirmation.

Yes, FR doesn't care about where the certificate is from, only that
it's valid.

But then when you need to remove one client from the network, you
revoke its certificate and... no, it's not a good idea for several reasons.

> Tangentially, is there a way to "pin" a certificate to a client's MAC address?

Yes, with grand illusions of security that don't exist. Until a
recent O/S comes along and starts using random MAC addresses, that


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>
