Hi, Could you please clarify you warning regarding client configuration? Some systems allow my EAP-TTLS+PAP configuration out of the box, do you mean in could be insecure? Are there any way to prevent client authentication unless it have my CA installed? Thank you. On Thu, Sep 8, 2016 at 8:43 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I'm using EAP-TTPS+PAP for authentication. Are there any way to prevent WiFi SSID spoofing without distributing my own CA certificate? Does it make a sense to sign my server key with any of the public CA and what should I supply as CN for such key?
use your own CA...as for distributing it - it wil be installed with an 802.1X profile deployment tool....which *especially* for EAP-TTLS/PAP you should be using (because clients REALLY need to be configured correctly/securely when using that method!)
alan
-- Bogdan Rudas Head of Minsk IT Support Department Exadel Inc. http://www.exadel.com/ E-mail: brudas@exadel.com Skype ID: bogdan.rudas -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.