
cat-users - Re: [[cat-users]] Multiple certificates within one freeradius configuration for separate CAT profiles

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Daniele Albrizio <albrizio AT units.it>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Multiple certificates within one freeradius configuration for separate CAT profiles
  • Date: Wed, 17 Apr 2019 16:56:39 +0200

Indeed, this is an eduroam CAT mailing list; your question should definitely be better addressed to the freeradius-users AT lists.freeradius.org mailing list.

A short answer to your question is yes, I did it using an old CA and certificate for a bunch of critical remote untouchable clients (switched based upon their username) some time (and freeradius versions) ago.

You need to have two different instances of the eap module, each one using a different certificate, and switch between them using unlang in the authorize section of the freeradius configuration.

This is the archeological configuration I used and then commented out:

                #       if ("%{request:User-Name}" == "host/UNMAINTAINEDhost.my.domain.it") {
                #            update reply {
                #               Reply-Message := "Handled With old AddTrust CA"
                #            }
                #            eapaddtrust {
                #               ok = return
                #            }
                #       }
                #       else {
                #               eapdigi {
                #                   ok = return
                #               }
                #       }


On 17/04/19 16:09, Arthur Petrosyan wrote:
Hi,

We have an educational center (isec.am), and they want to support eduroam users with multiple realms (@isec.am, @edu.isec.am, @alumni.isec.am, etc.)
and have all these realms configured on a single freeradius server.

I can't find a way to configure multiple profile certificates for CAT within one freeradius server configuration.
Although I have it working in freeradius's "certs" subdirectory for one realm.

Could anyone share such experience or point to the documentation about how to configure one freeradius server to have multiple realm certificates ("certs" subdirectories?)

While writing to this CAT list I thought that this question might not be directly related to CAT, but as I understand it, it's related in the sense that I need to upload these multiple certificates for each separate CAT profile. If I'm wrong, please suggest a more appropriate list to send this request to.

I would be very grateful for any related info.

--
Daniele ALBRIZIO - daniele.albrizio AT units.it
Tel. +39-040.558.3319
UNIVERSITY OF TRIESTE - Network Services
Unita' di Staff Reti di Ateneo
via Alfonso Valerio, 12 I-34127 Trieste, Italy
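
The two-instance approach described in the reply above, sketched for FreeRADIUS 3.0.x and the realms from the question, as an added example that is not part of either message. The instance names (eap_isec, eap_alumni), certificate paths and the choice of which realm gets which certificate are assumptions; the stock inner-tunnel virtual server is assumed to be unchanged.

```freeradius
# Added example, FreeRADIUS 3.0.x syntax; names, paths and realm mapping are assumptions.
# File: mods-enabled/eap_isec (first named instance of the eap module)
eap eap_isec {
    default_eap_type = peap
    tls-config tls-isec {
        private_key_file = ${certdir}/isec/server.key
        certificate_file = ${certdir}/isec/server.pem
    }
    peap {
        tls = tls-isec
        virtual_server = "inner-tunnel"
    }
    mschapv2 {
    }
}

# File: mods-enabled/eap_alumni (second instance, different server certificate)
eap eap_alumni {
    default_eap_type = peap
    tls-config tls-alumni {
        private_key_file = ${certdir}/alumni/server.key
        certificate_file = ${certdir}/alumni/server.pem
    }
    peap {
        tls = tls-alumni
        virtual_server = "inner-tunnel"
    }
    mschapv2 {
    }
}

# File: sites-enabled/default (fragments of the existing sections)
authorize {
    # The NAS repeats the outer User-Name in every Access-Request of an EAP conversation.
    if (&User-Name =~ /@alumni\.isec\.am$/i) {
        eap_alumni {
            ok = return
        }
    }
    else {
        eap_isec {
            ok = return
        }
    }
}
authenticate {
    # Each instance sets Auth-Type to its own name, so both are listed here.
    eap_isec
    eap_alumni
}
```

The CA certificate and server name uploaded to each CAT profile have to match the instance that serves that profile's realm; a client whose profile pins the other CA will reject the server certificate during the TLS handshake.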
