Different root CA for wpa_supplicant and freeradius

Carolin Latze carolin.latze at unifr.ch
Tue Jan 29 05:07:57 EST 2008

Hi all,

I plan to use different root CAs for the authentication server
(freeradius) and the peers (wpa_supplicant) in EAP-TLS. The reason is
that I use a TPM on the client side, which retrieves certificates from a
special CA (a so called Privacy CA), but I don't use a TPM on the server
side. Both are valid X509 certificates, so it should be possible to
authenticate each other. What do you think? Are there any implementation
issues, which forbid such a setup?


More information about the HostAP mailing list