23 Feb
2006
23 Feb
'06
4:47 p.m.
"Dave Huff" <dbhuff@yahoo.com> wrote:
For EAP-TLS to work, the client certs have to be signed by the server cert. Signed by the server cert or by the CA cert? I have a CA that signed the server and client certs, and the eap.conf file knows where server and CA certs are.
If you're using 1.0.x, that won't work. It doesn't do certificate chains. The client cert MUST be signed by the server cert. Using a CA to sign them, both won't work. I'm not even sure it will work in 1.1.0, to be honest. Alan DeKok.