That guide looks reasonable (after a quick glance). They are standard SSL/TLS certs - you might want to pay attention to key length and hash algorithm, but I don't know of any reason why they would be incompatible with FreeRADIUS. You will need to configure FR to accept the certs, but that probably doesn't count as "fiddling". Disclaimer: I am a FreeRADIUS newb, but have operated AD Certificate Services for 12+ years. On Mon, May 3, 2021 at 11:07 AM Vieri Di Paola <vieridipaola@gmail.com> wrote:
On Mon, May 3, 2021 at 3:53 PM Tony Skalski via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
If you use Microsoft's certificate services, you can configure an
automatic
certificate enrollment group policy. This can generate certs for both users and computers as needed. This works for Windows clients. If you have other clients, you will want an MDM or alternatively a certificate onboarding solution, though if you have Macs joined to Active Directory, you should be able to issue the certs without a for-pay MDM.
Yes, most of the clients are Windows. I was in fact thinking of following a guide such as this one:
https://docs.druva.com/Knowledge_Base/inSync/How_To/How_to_set_up_automatic_... However, as I have 0 experience with M$ solutions I was wondering if anyone knew beforehand if the certs deployed by the Microsoft Certification Authority via AD group policy will be compatible with FreeRADIUS without extra fiddling. I'm asking because I wouldn't want to work my way out of Microsoft madness to finally find out that the certs are incompatible unless mangled as noted in this post (which might be outdated):
http://lists.freeradius.org/pipermail/freeradius-users/2006-October/013613.h...
Thanks,
Vieri
-- *Tony Skalski* System Administrator | IT *Office: *507-786-3227 <(507)786-3227> 1510 St. Olaf Avenue Northfield, MN 55057 stolaf.edu