Ivan Kalik wrote:
However, there may be multiple servers, each with its own cert. Why
should a client cert be signed by one server when it may be used with
other servers?


(radius) Server certificate doesn't have to be unique. You can copy the
same certificate to all the radius servers that will be accepting
clients issued by that certificate.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


I was thinking that in this PKI, A trusts B only if A certified B. There may be better solutions, responding to real life, like A trusts B only if B gives credentials accepted by A. This way, the general certification architecture is more dynamic. The server administrator is only worried about the server-side PKI, but he must have CRLs from the client-side PKI, and can accept whatever he wants. It's only an opinion; I think freeradius is a great job :) for example with its modular behavior and configuration possibilities.