11 Sep
2017
11 Sep
'17
10:33 a.m.
On Mon, 2017-09-11 at 10:22 -0400, Chevalier Violet wrote:
EAP-TLS: Strategies for getting the right certificate to the right user. It needs to be relatively automated.
Users are starting with no internet access.
I was thinking maybe of the following:
1) Use some kind of TTLS-MSCHAPv2 thing with a standard user & password
One solution is for an open network with a captive portal (no Internet access), people log in (https, username, password) there, which generates an installer/config, used to the configure the device. But yes, enrolling on EAP-TLS can be tricky without other certificate/device management systems. -- Matthew