EAP-TLS with multiple certificates
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Jul 13 17:22:24 CEST 2018
> On Jul 13, 2018, at 11:08 AM, Алексей Морозенко <alexmorozenko at gmail.com> wrote:
>
> Hello everyone.
> I'm using freeradius-3.0.15 on Ubuntu 16.04.
> I manage one SSID with WPA2-Enterprise based on certificates.
> My idea is to issue user certificates signed by different CAs, then assign the user to a
> VLAN based on the user certificate issuer.
>
> I use default server with eap module that requests check-eap-tls site to
> check TLS-Client-Cert-Issuer attribute.
>
> Also I changed /etc/freeradius/mods-config/files/authorize to reflect vlan
> id depending on issuer.
>
> Tell me please is it right thinking and is it possible at all?
>
> Earlier I tried to create two eap modules but no success yet.

Stick all the CAs in the same PEM file, and use the attributes from the CA cert in the EAP-TLS virtual server.
Should work.
-Arran
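
A sketch of the setup suggested in the reply above, added here as an illustration and not part of the original post or the FreeRADIUS distribution. It assumes the eap module's `ca_file` points at one PEM bundle holding both CA certificates and that the module calls the check-eap-tls virtual server mentioned in the question; the issuer strings and VLAN IDs are constructed placeholders.

```unlang
# sites-available/check-eap-tls (illustrative sketch)
# Assumption: the eap module's ca_file is a single PEM file holding
# every CA certificate that may issue client certificates.
server check-eap-tls {
authorize {
	# Compare against the exact issuer string the server logs for the
	# client certificate (visible in debug output). The DNs below are
	# constructed placeholders, not real values.
	if (&TLS-Client-Cert-Issuer == "/C=XX/O=Example/CN=Example Staff CA") {
		update control {
			&Auth-Type := Accept
		}
		update reply {
			&Tunnel-Type := VLAN
			&Tunnel-Medium-Type := IEEE-802
			&Tunnel-Private-Group-Id := "10"
		}
	}
	elsif (&TLS-Client-Cert-Issuer == "/C=XX/O=Example/CN=Example Guest CA") {
		update control {
			&Auth-Type := Accept
		}
		update reply {
			&Tunnel-Type := VLAN
			&Tunnel-Medium-Type := IEEE-802
			&Tunnel-Private-Group-Id := "20"
		}
	}
	else {
		# Every CA in the bundle is trusted for authentication, so a
		# certificate whose issuer has no VLAN mapping is rejected
		# rather than placed on a default network.
		update control {
			&Auth-Type := Reject
		}
	}
}
}
```

The issuer attribute names the certificate's immediate issuer, so with intermediate CAs the strings to match are the intermediates' subject DNs.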