[RADIATOR] Presenting two server certificates during an EAP-TLS session. Is that possible at all?

Anders Nilsson anders.nilsson at umdac.umu.se
Mon May 24 00:05:13 CDT 2010


Hi,

During a meeting with my colleagues a discussion began whether it’s at all
possible to present two server certificates with different CAs at the same
time.

For several practical reasons we are more or less forced to change the
rootCA and therefore we are facing a situation where all the users have to
reconfigure their wireless supplicant setting at a specific time.

Therefore it would seem very practical if there was a possibility to use
both server certificates at the same time.

To my knowledge it is not possible to do this but if someone could prove me
wrong I would be very happy.  ;)

So my question really boils down to whether it is possible for the following
to work:

<Handler Realm=/^(UMU\.SE)$/i, EAP-Message=/.+/>
        AuthByPolicy ContinueWhileReject

        <AuthBy LDAP2>
            EAPTLS_CertificateFile %D/OneServerCert
        </AuthBy>

        <AuthBy LDAP2>
            .
            .
            EAPTLS_CertificateFile %D/AnotherServerCert
        </AuthBy>
</Handler>

Of course if there’s another way to do this which I’ve overlooked I’d be
very happy if someone could help me.

Cheers

Anders Nilsson
Network consultant
Umeå university
SUNET  Sweden
