(RADIATOR) Certificate Migration

Hugh Irvine hugh at open.com.au
Mon Jul 24 22:30:54 CDT 2006


Hello Steve -

You can use as many certificates from as many sources as you wish, as  
long as they have the correct extensions.

You will need to make sure that server certificates have the Server  
Authentication extension,
and client certificates have the Client Authentication extension.

regards

Hugh


On 25 Jul 2006, at 01:15, stevecap wrote:

> We are migrating Radiator from self signed certs to Public  
> Certificate authority and are wondering if anyone has done this  
> before.  Can we have our self signed and public certs on the same  
> server and slowly migrate our clients?  We are using TTLS and would  
> like to have a smooth migration.
>
> On the mailing list I saw this, but no response.
>
>  Pavel Paprok wrote:
> > Hallo,
> >
> > is it possible to use EAP with two alternative certificates directories
> > (two independently generated private certificates) AT ONCE?
> >
> > Users are verified via EAP-PEAP resp EAP-TLS and prompted for login/password.
> > I want to migrate to new certificates but is a problem that some users have
> > stored old root certificate and other users new root certificate (their hw devices
> > can store only one root certificate at once). So I would like to use both certificates
> > in server side at once to be able to migrate to new certificates smoothly.
> >
> > Until I tried AuthBy GROUP to define two AuthBy FILE sections with EAP
> > definitions for each set of private certificates but no way. Is it even possible
> > to use two completely different certificates on server side?
> >
> > Thanks,
> > Pavel
>
>
> Steve



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

