EAP-TLS: Same cert, multiple servers and locations?

Ted Hyde laserted at gmail.com
Fri May 6 23:28:16 CEST 2016


>> Can I use a single common name (i.e. myglobalsites) for the certificate set
>> across my entire domain, and simply copy the entire set, (ca/pem/der/p12)
>> from site to site? Do openssl and freeradius together use any hardware
>> info (CPU serial, resolved ip addr, etc) that would cause a copied cert to
>> crash?
> Same server cert across multiple servers is fine.
>
> The client doesn't see anything about the server when it connects
> to an SSID apart from the certificate, so it has no idea which
> particular server the response came from. Unlike HTTPS etc., there's
> no existing network connection and therefore no DNS, so it can't
> even check that the "hostname" it's connecting to is the same as
> the cert name returned.
>
> Matthew
>
>
Matthew - many thanks, exactly the answer I was looking for!

Ted.
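
A check that could be run after copying the set from site to site, given as an added example that is not part of the thread: since the certificate is all the client sees, it confirms that a site holds the same server certificate as the reference site, the matching private key, and a CA that signed it. The file names (ca.pem, server.pem, server.key), the one-directory-per-site layout and the throwaway demo CA are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names (ca.pem, server.pem, server.key)
# and the directory-per-site layout are assumptions.

# SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# True if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Compare the copied set in directory $2 with the reference set in directory $1.
# Returns 0 = ok, 1 = different server cert, 2 = key mismatch, 3 = not signed by the site's CA.
check_site() {
    [ "$(cert_fp "$1/server.pem")" = "$(cert_fp "$2/server.pem")" ] || return 1
    key_matches_cert "$2/server.pem" "$2/server.key" || return 2
    openssl verify -CAfile "$2/ca.pem" "$2/server.pem" >/dev/null 2>&1 || return 3
}

# Constructed sample data: a throwaway CA and a server cert with CN=myglobalsites.
make_demo_set() {
    mkdir -p "$1" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myglobalsites" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# Demo: build a set, copy it to a second "site", and check the copy.
d=$(mktemp -d) && make_demo_set "$d/siteA" && cp -r "$d/siteA" "$d/siteB" \
    && check_site "$d/siteA" "$d/siteB" && echo "siteB: copied set OK"
rm -rf "$d"
```

A set regenerated on site with the same common name fails with return code 1, because the fingerprint differs even though the name is identical.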
