Different root CA for wpa_supplicant and freeradius

Carolin Latze carolin.latze
Tue Jan 29 02:07:57 PST 2008

Hi all,

I plan to use different root CAs for the authentication server
(freeradius) and the peers (wpa_supplicant) in EAP-TLS. The reason is
that I use a TPM on the client side, which retrieves certificates from a
special CA (a so called Privacy CA), but I don't use a TPM on the server
side. Both are valid X509 certificates, so it should be possible to
authenticate each other. What do you think? Are there any implementation
issues, which forbid such a setup?


More information about the Hostap mailing list