20 Jan
2012
20 Jan
'12
5:48 a.m.
On 01/20/2012 08:16 AM, Mark Holmes wrote:
Your problem is going to be>distributing the server cert to the>clients NOT distributing client
Maybe I've missed something here, but why will he need to distribute a cert to clients?
If you're using a private CA for signing the radius server certs, which is generally cited as best practice because it provides belt & braces; in the event a client does not learn & subsequently re-check the cert CN, a public CA would allow an attacker to impersonate your SSID. A private CA does not. Some people (us included) choose to use a public CA and accept the risk, in return for significantly easier deployment.