PEAP using different CA?
stefan.winter at restena.lu
Wed Jul 10 16:17:18 CEST 2013
>>> To avoid the need of installing our CA certificate on every Windows
>>> machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
So you still need to tell users to set a checkbox besides that CA. The
difference to importing the CA before that is not much more work; on
Windows, it's a couple of clicks only.
> If this is a usability issue, I recommend you look at dissolvable setup clients like cloudpath, or investigate the various certificate/settings bundles that things like iPhones support.
And since he is from a university and likely his deployment is an
eduroam one, you should also mention the dissolvable client setup tool
"eduroam CAT", https://cat.eduroam.org , which is free and tailored to
It will install private CAs just as fine and automated as it does
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users