Certificate Validation Process
ktm at rice.edu
ktm at rice.edu
Tue Nov 15 21:33:33 CET 2011
On Tue, Nov 15, 2011 at 01:58:25PM -0600, Whitlow, Michael wrote:
> All,
>
> I have one minor issue to ask the group about.
>
> Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I try to connect to the wireless network and I purposely put in a bad password I still get the popup to validate the server certificate.
>
> On the other radius implementations I am used to the cert validation does not happen until after the user is authenticated. I imagine I have something configured not quite right but I don't know what.
>
> So, in Freeradius is there a way to change it so the validate server certificate comes only after successfull authentication?
>
>
> Thanks much,
>
> Mike
>
If the server cert is bogus, you should not send any authentication
information down a compromised connection. It sounds like it is functioning
correctly now and was broken then.
Cheers,
Ken
More information about the Freeradius-Users
mailing list