hi,
its all about being authenticated as a known part.
if A knows B as a trusted part and B have issued a certificate for C then A will trust C.
the server certificate is issued by the CA ( certificate authority. )
the client needs to have the certificate of the CA ( not the server certificate issued from the CA )
the mschap v2, tls,ttls, are methods of authentication(encryption).
the eap-ttls doesnt requires that the client have a certificate on its own.so you need the ca certificate and the server certificate.
Dear all,
I'd appreciate if somebody could please explain me the meaning of
certificates. I had a look at certs/README, but some things are still
unclear.
As far as I know there are 3 types of certificates on FreeRADIUS:
* ROOT CA
* Server
* Client
What is the purpose of each of them? I know that ROOT CA is required to
allow EAP-TLS, PEAP or EAP-TTLS. Would not having ROOT CA imported on
802.1x supplicant mean that EAP will be just EAP or PEAP etc.? What does
ROOT CA do?
What is the purpose of server certificate? How is that linked with
MSCHAP v2? I remember I could not authenticate xp host with users file
without generating certificates first.
And lastly Client certificate, would I need to install this on a client
PC, what do I get with that?
What are the benefits of using certificates?
Thanks very much for your help.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html