eap-tls certificates

Alan DeKok aland at deployingradius.com
Fri Oct 8 17:46:52 CEST 2021

On Oct 8, 2021, at 10:41 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:
> I'm reading:
> http://deployingradius.com/documents/configuration/certificates.html
> It mentions,
> "You need to edit client.cnf only if you are using EAP-TLS. If not, then
> that file can be left as-is."
> Though it doesn't say, I'm assuming i need to edit the [req] and [client]
> sections?  For the [client] section, do I need an entry for every unique
> client I plan on deploying a certificate to?  I'm asking because I don't
> understand the emailAddress and commonName fields in this context.

  The email address and common name fields are pretty descriptive.

  Every client certificate needs to be unique.  The best way to do this is to give them unique names.

> Finally, is there any documentation on how to scale this solution up to
> support 15k-20k users?  I'm hoping something like LDAP or RDBMS is an
> option?

  To do what?

  The server doesn't need to store the client certificates.  So any DB is not relevant here.

  What would you store in the DB?

  Alan DeKok.

More information about the Freeradius-Users mailing list