need help - force EAP-TTLS to validate the server certificate

Alan DeKok aland at
Tue Sep 21 14:21:26 CEST 2010

Klaus Laus wrote:
> The message is clear. Yes I created a client certificate and imported it into the client. 
> When I use TLS to connect to the freeradius server I can choose the client certificate in the TLS dialog and the client can login successfully.
> When I use PEAP to login I have to type in my username and password in the PEAP dialog from windows but I can not select a client certificate, the certificate is imported successfully in the windows certificate manager.

  So... the issue is that you haven't configured the client to use the
client certificate.

> Should I be able to choose a client certificate in the PEAP dialog or should it work when the certificate is saved in the windows certificate manager and I only have to type in my username and password in the PEAP dialog? 

  Ask Microsoft how their software works.  It's annoying to have you ask
a question here when you *already* know that you haven't configured the
client certificate for PEAP.

  It means that you *know* it's not sending a client certificate.  You
*know* you haven't configured one on the client.  And you *still* post
the FreeRADIUS debug output, asking us to debug the *server* to see why
the client certificate isn't being used.

  Microsoft has documentation for Windows.  Read it.

  Alan DeKok.

More information about the Freeradius-Users mailing list