Multiple CA-Certs for EAP-TLS
Mon May 25 07:02:08 PDT 2009
On Fri, May 22, 2009 at 11:42:42AM +0200, Martin Schneider wrote:
> hostapd uses a certificate of a certification authority (CA) to
> verify client certificates in (mutual) EAP-TLS authentication. In my
> setup, I'd need to verify client certificates that are signed by my
> own CA, but also by other CAs. So I've got client certificates signed
> by CA A, CA B, etc... Is it possible that hostapd uses MULTIPLE CA
> certificates (CA A, CA B, ...) for client authentication? If yes, how
> can this be done?

If you are using hostapd as the EAP server with OpenSSL as the TLS
library, you can configure multiple trusted CA certificates by using PEM
format for the CA certificate file (ca_cert in hostapd.conf) and
concatenating all the trusted CA certificates into that file.

Jouni Malinen PGP id EFC895FA
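
The concatenation described in the reply, as an added example that is not part of the original thread or hostapd's own code: it builds a two-CA PEM bundle, confirms with openssl verify that client certificates from both CAs chain to it while one from an unlisted CA does not, and checks that no private key slipped into the file. The CA and client names, trusted-cas.pem and the throwaway keys are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original thread). Every file name and subject
# below is constructed for the demo; the key material is throwaway.

make_ca() {      # $1 = CA name -> $1.key and self-signed $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo $1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_client() {  # $1 = client name, $2 = issuing CA name -> $1.pem
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.pem" 2>/dev/null
}

count_certs() {  # prints the number of certificate blocks in bundle $1
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

has_private_key() {  # succeeds if bundle $1 contains any private key block
    grep -q -- 'PRIVATE KEY-----' "$1"
}

trusted_by() {   # $1 = bundle, $2 = client cert; succeeds if the chain verifies
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d) && cd "$demo_dir" || exit 1
for ca in ca-a ca-b ca-c; do make_ca "$ca"; done
make_client client-a ca-a
make_client client-b ca-b
make_client client-c ca-c      # ca-c is deliberately left out of the bundle

# The step from the reply: concatenate the trusted CA certificates (PEM).
cat ca-a.pem ca-b.pem > trusted-cas.pem
# hostapd.conf would then carry:  ca_cert=/path/to/trusted-cas.pem

echo "certificates in bundle: $(count_certs trusted-cas.pem)"
has_private_key trusted-cas.pem && echo "WARNING: private key in bundle"
for c in client-a client-b client-c; do
    if trusted_by trusted-cas.pem "$c.pem"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
```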