EAP-TLS: Same cert, multiple servers and locations?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun May 8 01:11:16 CEST 2016

> On 7 May 2016, at 17:09, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> Yep. But if using same private CA you may as well just use the same server cert on each box too. Then they could be just cloned configs,  controlled by puppet, pulled from git...whatever.

I guess the advantage of using different server certs, is you can do a rolling revocation if they all get compromised, and it'd help a little with debugging (you'd know which backend you were talking to).

Really though it's personal preference :)


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160507/f2af0e59/attachment.sig>

More information about the Freeradius-Users mailing list