TLS client and server certificates

wouldsmina wouldsmina at gmail.com
Fri Feb 2 13:46:03 CET 2018


Certificates (certificate_file, private_key_file, and ca_file) are needed
to establish the EAP tunnel (with peap or ttls).
I corrected my problem by removing the tls {} section into mods_enables/eap
file... No tls, no problem (for me) :)

Thanks for your help

2018-02-02 13:13 GMT+01:00 Alan DeKok <aland at deployingradius.com>:

> On Feb 2, 2018, at 4:55 AM, wouldsmina <wouldsmina at gmail.com> wrote:
> >
> > I am currently testing FreeRadius 3.0.12 (debian package). When I'm using
> > the certificates declared in mods-enabled/eap on a TLS client, I get an
> > Access-Accept! This is not dramatic, because these certificates should
> not
> > be disclosed under any circumstances, but I would still like to know if
> > it's a normal behavior and how to prevent it?
>
>   The server creates test certificates.  For... testing.   Such as with
> EAP-TLS.
>
>   If you install the test certs on a client, they will work.  You were the
> one who disclosed them to the client.
>
>   If you don't want to use the test certificates, then delete them.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list