eap-tls certificates

Munroe Sollog mus3 at lehigh.edu
Fri Oct 8 17:50:31 CEST 2021


You're right.  I was conflating the role of FreeRADIUS and the role of
storing the certificates for distribution to the end users.

On Fri, Oct 8, 2021 at 11:47 AM Alan DeKok <aland at deployingradius.com>
wrote:

> On Oct 8, 2021, at 10:41 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:
> >
> > I'm reading:
> > http://deployingradius.com/documents/configuration/certificates.html
> >
> > It mentions,
> >
> > "You need to edit client.cnf only if you are using EAP-TLS. If not, then
> > that file can be left as-is."
> >
> > Though it doesn't say, I'm assuming I need to edit the [req] and [client]
> > sections?  For the [client] section, do I need an entry for every unique
> > client I plan on deploying a certificate to?  I'm asking because I don't
> > understand the emailAddress and commonName fields in this context.
>
>   The email address and common name fields are pretty descriptive.
>
>   Every client certificate needs to be unique.  The best way to do this is
> to give them unique names.
>
> > Finally, is there any documentation on how to scale this solution up to
> > support 15k-20k users?  I'm hoping something like LDAP or RDBMS is an
> > option?
>
>   To do what?
>
>   The server doesn't need to store the client certificates.  So any DB is
> not relevant here.
>
>   What would you store in the DB?
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Munroe Sollog (He/Him/His)
Network Architect
munroe at lehigh.edu
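
Added example, not part of the thread and not FreeRADIUS's own certificate scripts: issuing one uniquely named client certificate per user from a list, then validating each with the CA certificate alone, which is why no per-client store is needed on the verifying side. The throwaway CA, "Example Org", example.edu and the user names are constructed, the function names are hypothetical, and certificate extensions a supplicant may require are left out.

```shell
#!/bin/sh
# Added example; CA, organisation, domain and user names are constructed.

# Throwaway CA for the demonstration; a real deployment uses its existing CA.
make_ca() {  # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Org/CN=Example EAP-TLS CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue one client certificate with a commonName and emailAddress unique to
# the user, instead of hand-editing [client] in client.cnf for each one.
# -nodes leaves the demo keys unencrypted; protect real keys with a passphrase.
issue_client() {  # $1 = directory, $2 = user, $3 = domain
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$2@$3/emailAddress=$2@$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.pem" 2>/dev/null
}

# Number of distinct subject names among the issued certificates.
count_unique_subjects() {  # $1 = directory, remaining args = users
    dir=$1; shift
    for u in "$@"; do
        openssl x509 -in "$dir/$u.pem" -noout -subject
    done | sort -u | wc -l | tr -d ' '
}

# Validate a client certificate with nothing but the CA certificate: the
# verifying side holds no copy or database of the issued certificates.
verify_client() {  # $1 = directory, $2 = user
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

# Issue and verify certificates for a user list; prints "<verified> <unique>".
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" || return 1
    verified=0
    for u in "$@"; do
        issue_client "$dir" "$u" example.edu || return 1
        verify_client "$dir" "$u" && verified=$((verified + 1))
    done
    echo "$verified $(count_unique_subjects "$dir" "$@")"
    rm -rf "$dir"
}
```

Running `demo alice bob carol` prints the number of certificates that verified against the CA and the number of distinct subjects; the two should match the length of the user list.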


More information about the Freeradius-Users mailing list