EAP-TLS: Same cert, multiple servers and locations?
Sylvain Munaut
s.munaut at whatever-company.com
Sat May 7 18:43:33 CEST 2016
Hi,
> ??? You can do that when using the same server CN. On clients configure to
> trust your CA and the one CN of server. Multiple server CNs is what the
> original requester wanted to avoid - and wildcard CN entries can be
> problematic
Multiple server CN is what the OP requested to avoid because he wanted
to roam between sites with a single config and he includes the server
CN in that config (at least that's my understanding).
What I'm pointing out is that you can still achieve roaming with a
single config even if your servers don't have the same CN.
Apple clients allow locking on the cert issuer instead of the cert
itself, and so does wpa_supplicant. I can't speak for every EAP-TLS
client of course, but this seems to be a pretty common option.
Cheers,
Sylvain
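
An added illustration of the issuer-pinning approach described in the message above, as a wpa_supplicant network block; it is not part of the original post. The SSID, identity, file paths, passphrase and the example.org suffix are constructed placeholders, and the optional domain_suffix_match line assumes the server certificates carry names under that suffix.

```conf
# Constructed example: every value below is a placeholder.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.org"

    # Client credentials presented during EAP-TLS.
    client_cert="/etc/wpa_supplicant/client.pem"
    private_key="/etc/wpa_supplicant/client.key"
    private_key_passwd="changeme"

    # Trust anchor: any RADIUS server certificate that chains to this CA is
    # accepted, whatever its CN, so one config works at every site.
    # The CA should issue only your own RADIUS server certificates.
    ca_cert="/etc/wpa_supplicant/radius-ca.pem"

    # Optional narrowing that still allows different server names per site:
    # require the server's dNSName (or CN if no dNSName is present) to end
    # in this suffix.
    domain_suffix_match="radius.example.org"
}
```

With only ca_cert set, the client trusts every certificate that CA has issued, which is why a dedicated CA or the suffix match matters.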