Multiple CA-Certs for EAP-TLS

Jouni Malinen j
Mon May 25 07:02:08 PDT 2009

On Fri, May 22, 2009 at 11:42:42AM +0200, Martin Schneider wrote:

> hostapd uses a certificate of an certification authority (CA) to
> verify client certificates in (mutual) EAP-TLS authentication. In my
> setup, I'd need to verify client certificates that are signed by my
> own CA, but also by other CA's. So I've got client certificates signed
> by CA A, CA B, etc... Is it possible that hostapd uses MULTIPLE ca
> certificates (CA A, CA B, ...) for client authentication? If yes, how
> can this be done?

If you are using hostapd as the EAP server with OpenSSL as the TLS
library, you can configure multiple trusted CA certificates by using PEM
format for the CA certificate file (ca_cert in hostapd.conf) and
concatenating all the trusted CA certificates into that file.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list