The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Martin Pauly <pauly AT hrz.uni-marburg.de>]

Hi,

Am 14.08.21 um 16:07 schrieb Jan-Frederik Rieckers:
> I don't really know what the problem of the CA is.
> (I am not that familiar with current CA policies, but it seems like a
> perfectly valid use case to me)
>
> One possible solution would be to issue Certificates with different CNs,
> but a shared SubjectAltName (SAN).

I wrote:
> > BTW: Not all commenters have seen that we are _only_ talking about layer 2 auth, no DNS involved in the process, and no radsec. 
Sorry, I think Janfred did see very well what were are talking about.
But no workaround should be necessary. One cert from the CA should suffice 
for all layer 2 auth servers
sharing the same logical identity.

Regards, Martin

--
  Dr. Martin Pauly     Phone:  +49-6421-28-23527
  HRZ Univ. Marburg    Fax:    +49-6421-28-26994
  Hans-Meerwein-Str.   E-Mail: pauly AT HRZ.Uni-Marburg.DE
  D-35032 Marburg