EAP-TLS: Same cert, multiple servers and locations?

Matthew Newton mcn4 at leicester.ac.uk
Fri May 6 22:20:52 CEST 2016


On Fri, May 06, 2016 at 03:59:45PM -0400, Ted Hyde wrote:
> Can I use a single common name (i.e. myglobalsites) for the certificate set
> across my entire domain, and simply copy the entire set (ca/pem/der/p12)
> from site to site? Do openssl and freeradius together use any hardware
> info (CPU serial, resolved ip addr, etc) that would cause a copied cert to
> crash?

Same server cert across multiple servers is fine.

The client doesn't see anything about the server when it connects
to an SSID apart from the certificate, so it has no idea which
particular server the response came from. Unlike HTTPS etc., there's
no existing network connection and therefore no DNS, so it can't
even check that the "hostname" it's connecting to is the same as
the cert name returned.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
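
The point made in the reply above, as an added example that is not part of the original message or of FreeRADIUS: a model of the client-side decision in which the only inputs are the certificate's contents and locally configured values, so the same certificate passes at every site. The issuer strings, site names and the check itself are assumptions; the name comparison is modelled on the suffix-match rule wpa_supplicant documents for its `domain_suffix_match` option, and a plain issuer comparison stands in for real chain validation.

```python
# Added illustration: models a supplicant's server-certificate check in EAP-TLS.
# All certificates, issuer strings and site names are constructed sample data.

ISSUER = "Example Org Wireless CA"   # hypothetical CA the client is configured to trust
REQUIRED_NAME = "myglobalsites"      # common name from the question, set on the client


def suffix_match(name: str, required: str) -> bool:
    """True if `name` equals `required` or is a subdomain of it (label boundary)."""
    name, required = name.lower().rstrip("."), required.lower().rstrip(".")
    return name == required or name.endswith("." + required)


def server_cert_acceptable(cert: dict, trusted_issuer: str, required_name: str) -> bool:
    """Decide from certificate contents alone; no server address or DNS name is an input."""
    if cert["issuer"] != trusted_issuer:   # simplification: stands in for chain validation
        return False
    dns_names = cert.get("san_dns", [])
    # Prefer SAN dNSName entries; fall back to the subject CN only when none exist.
    candidates = dns_names if dns_names else [cert["cn"]]
    return any(suffix_match(n, required_name) for n in candidates)


SHARED = {"issuer": ISSUER, "cn": "myglobalsites", "san_dns": []}
WRONG_CA = {"issuer": "Some Other CA", "cn": "myglobalsites", "san_dns": []}
LOOKALIKE = {"issuer": ISSUER, "cn": "notmyglobalsites", "san_dns": []}

# The same certificate copied to the RADIUS server at each constructed site.
SITES = {"site-a": SHARED, "site-b": SHARED, "site-c": SHARED}


def check_all(sites: dict) -> dict:
    """Run the client-side check against the certificate presented at each site."""
    return {s: server_cert_acceptable(c, ISSUER, REQUIRED_NAME) for s, c in sites.items()}


if __name__ == "__main__":
    print("shared cert per site:", check_all(SITES))
    print("same name, untrusted CA:", server_cert_acceptable(WRONG_CA, ISSUER, REQUIRED_NAME))
    print("trusted CA, lookalike name:", server_cert_acceptable(LOOKALIKE, ISSUER, REQUIRED_NAME))
```

Because the name cannot be tied to anything the network provides, the trusted CA and the configured name on the client carry the whole decision.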

