24 Dec
2016
24 Dec
'16
11:55 a.m.
Hi,
How would that be different from using a proper CA signed cert which we already have ?
because anyone can get a server cert signed by that CA - and most clients are dumb so cannot be set to trust the commonname ...so such clients are ripe to be MITM attacked trivially. very big issue if using EAP-TTLS PAP... and almost just as big for MSCHAPv2 inner which just takes a little more effort to recover the password. dont use public CA for secure 802.1X alan