Can freeradius support multiple client CA certificates?
Zhang, Ge (Gina)
gina.zhang at alcatel-lucent.com
Mon Jun 21 22:05:46 CEST 2010
Thank you so much for your help! I am going to try that on my system.
From: Robert Franklin [mailto:rcf34 at cam.ac.uk]
Sent: Monday, June 21, 2010 3:03 PM
To: FreeRadius users mailing list
Cc: Zhang, Ge (Gina)
Subject: Re: Can freeradius support multiple client CA certificates?
On 21 Jun 2010, at 19:53, John Dennis wrote:
> A (FreeRADIUS) virtual server does not have a different IP address nor would it have different subject names nor subject alt names.
> I'm not getting the feeling you understand how PKI works, it might be worthwhile to read up on it.
When testing a new server certificate with a different chain to a new root CA, I set up a separate eap module with different certificates.
The two EAP modules were selected using the realm in the username -- something at cam.ac.uk gave the normal certificates and something at test.cam.ac.uk gave the new ones but used the same backend SQL lookup to find account information.
More information about the Freeradius-Users