reuse EAP-TLS client certificate

Matthew Newton mcn4 at leicester.ac.uk
Wed Sep 9 17:51:34 CEST 2015


On Wed, Sep 09, 2015 at 10:43:34AM -0500, Matt Zagrabelny wrote:
> With EAP-TLS, can one reuse the same client cert across multiple devices?
> 
> I'm guessing "yes", but would appreciate confirmation.

Yes, FR doesn't care about where the certificate comes from, only that
it's valid.

But then when you need to remove one client from the network, you
revoke its certificate and...

...so no, it's not a good idea for several reasons.


> Tangentially, is there a way to "pin" a certificate to a client's MAC address?

Yes, with grand illusions of security that don't exist. Until a
recent O/S comes along and starts using random MAC addresses, that
is.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

