John, Is it possible to support multiple sets of server certificates so that one group customer would use one server CA file?
Thanks a lot! Regards, Gina Zhang -----Original Message----- From: freeradius-users-bounces+gina.zhang=alcatel-lucent....@lists.freeradius.org [mailto:freeradius-users-bounces+gina.zhang=alcatel-lucent....@lists.freeradius.org] On Behalf Of Zhang, Ge (Gina) Sent: Monday, June 21, 2010 11:52 AM To: John Dennis; FreeRadius users mailing list Subject: RE: Can freeradius support multiple client CA certificates? John, Thank you very much for the information! I will try it. Regards, Gina -----Original Message----- From: John Dennis [mailto:jden...@redhat.com] Sent: Monday, June 21, 2010 11:20 AM To: FreeRadius users mailing list Cc: Zhang, Ge (Gina) Subject: Re: Can freeradius support multiple client CA certificates? On 06/21/2010 12:00 PM, Zhang, Ge (Gina) wrote: > Hi list, > > Is it possible to support multiple client CA certificates? > Suppose we want to support different customer groups. Each group has > its own CA certificate. Can freeradius support that? Yes, if the CA's are in a bundle set CA_file in eap.conf, if they are individual in a directory set CA_path instead. If you don't understand the above read some OpenSSL documentation, man SSL_CTX_load_verify_locations would be a good place to start. -- John Dennis <jden...@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html