Can I use two or more freeradius server certificates for the same virtual site?
Brian Julin
BJulin at clarku.edu
Thu Nov 1 16:29:54 CET 2018
Alan DeKok <aland at deployingradius.com> wrote:
> client: let's do TLS!
>
> server: Sure, here's my CA and server cert!
>
> client: Uh... not what I wanted, goodbye!
>
> The only way to signal which CA you want is by some other method. i.e. changing the outer identities, as Christian suggested.
Just a note for edification/general interest, in the case of non-Windows IPSEC, there are modes where
clients can send requests for desired CAs over the IKE protocol. Doesn't help for WiFi unless maybe if
you are doing Open+IPSEC setups.
(Windows can do that mode too, but the client doesn't do sufficient security checks in that mode;
you have to tunnel PEAP to get CN validation.)