EAP-TLS with multiple certificates

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jul 13 17:22:24 CEST 2018

> On Jul 13, 2018, at 11:08 AM, Алексей Морозенко <alexmorozenko at gmail.com> wrote:
> Hello everyone.
> I'm using freeradius-3.0.15 on ubuntu 16.04.
> I manage one SSID with WPA2-Enterprise based on certificates.
> My idea is to issue user certificates signed by different CAs, then user to
> vlan based on an user certificate issuer.
> I use default server with eap module that requests check-eap-tls site to
> check TLS-Client-Cert-Issuer attribute.
> Also I changed /etc/freeradius/mods-config/files/authorize to reflect vlan
> id depending on issuer.
> Tell me please is it right thinking and is it possible at all?
> Earlier I tried to create two eap modules but no success yet.

Stick all the CAs in the same PEM file, use the attributes from CA cert in the EAP-TLS virtual server.

Should work.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180713/ee8ffb24/attachment.sig>

More information about the Freeradius-Users mailing list