Seemingly obvious question
gregs at sloop.net
Mon Nov 29 00:58:54 CET 2021
I'm running Ubuntu 20.04's packaged FR - and been happy with Enterprise-WPA using EAP-TLS on a single server - authenticating wireless clients.Â
But we're putting more and more machines on E-WPA, and so the FR server becomes a critical resource.
The obvious answer is to have two/multiple servers and that's a option in Unifi. (And most/all other Wifi AP's.)
The question is: Since I'm just using certificates is there anything different that I really need to do, other than setting up the new server, essentially, identically to the first one?
If I revoke certificates I understand I'll need to complete that process on both machines - essentially manually keeping them in sync.
Do I have that right?
(In this setup, both servers will use the same key and certificate - which means I can't revoke one and leave the other running, but that (revoking a server) really doesn't work anyway, since the clients don't look up a CRL somewhere reliable anyway. So, if I lose control of one of the servers, I'm screwed and will have to rebuild the entire PKI framework again, but that's going to happen even if I use different certs/keys for both servers. ...provided I conceptually understand things correctly.)
More information about the Freeradius-Users