PEAP using different CA?
Fernando Hammerli
fhammerli at puc-rio.br
Wed Jul 10 16:20:21 CEST 2013
Hi, thanks for you reply (extensive to the others),
> Just put both CAs in the directory pointed to by CA_path.
Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS) by pointing to that
certificate via 'certificate_file =' and the public CA chain via
'CA_file ='.
Could you give me a hint about you tip, that seems to be easier.
I agree 100% about the security concerns on using a public CA. The
problem is that we need to make the usage process as simple as possible.
Students and teachers are easier to help, but we have seasonal/sporadic
users (short curses, seminars), and requiring any intervention has been
creating complaints (and is considered annoying). Even a simple root CA
installation procedure (for Windows only clients) is considered
annoying. So that´s why are considering the public CA - Microsoft could
have done things easier for us :)
Thanks!
Fernando.
More information about the Freeradius-Users
mailing list