EAP-TTLS auth
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Thu Dec 3 14:59:39 CET 2009
Hi,
> ...and I guest it is not due to the "Client Certificate" because it was succeed authenticated in the previous tests
> Probably is due to I am not sure what I should write in the box reserved for "Server or Certificate Name" (on the "Step 2 of 2" at the supplicant windows software)
> Anyone knows what I should write at this box? I could not find a "server name" or "domain name" at the certificate (as it is explained on the "windows in-line help")
this will be the CN of your server certificate.
so, if , when your RADIUS server got signed by the CA it became known
as eg radius.happyorg.org then the name you put into the client is
radius.happyorg.org
dotn forget, this is NOT a DNS name - it is purely a 'label' - just the CN
of the server.... and you must have the CA present to check that server cert
has been signed by your trusted CA (for otherwise anyone can make a server
have a dumb cert with radius.happyorg.org as its CN
alan
More information about the Freeradius-Users
mailing list