HELP! EAP-TLS: how can I install a cert on a workstation so that it works for all users

Ivan Kalik tnt at kalik.net
Wed Jul 15 21:22:53 CEST 2009


> So are the following correct?:
>
> (1) I can create a single cert for a computer and distribute it to all
> users who may use that computer

You can give the same user certificate to any user using the computer - you
can place it on the desktop with installation instructions. But don't you
hear a voice in your head: "what is the point of these certificates?".

> (2) I can create a cert for every user and distribute it to every
> computer that a user logs into.

Yes. In normal circumstances such a user will have his certificate on the
smart card and computers will be equipped with readers. So, the user certificate
is with the (mobile) user, not any possible computer he might use.

> (3) I cannot create a generic "computer cert" that authenticates the
> computer and opens the port?

Yes, you can. But as soon as some user logs onto that computer ...

Ivan Kalik
Kalik Informatika ISP



