On Jul 9, 2020, at 2:17 PM, Клеусов Владимир Сергеевич via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
Did I understand the procedure correctly ? 1) In the eap module we specify the root certificate 2) Creating client certificates and signing with this root certificate
EAP-TLS requires client certificates. TTLS does not.
3) On the windows client we add our root certificate to trusted root certificates 4) On the Windows client we add the generated client certificates to the trusted personal certificates
For EAP-TLS. Not for TTLS.
If this is true, does tttls/pap require certificates on the server and client ? I thought tttls/pap only requires certifications on the server
Doing *any* TLS requires that the Windows client knows about the root CA. You *don't* need a client certificate for TTLS + PAP. You *do* need a client certificate for EAP-TLS. You *do* need a server certificate which is on FreeRADIUS. That server certificate *must* be signed by the root CA. Alan DeKok.