20 Jul
2015
20 Jul
'15
4:55 a.m.
hi,
I’m trying to authenticate a Cisco IP Phone with 802.1X EAP-TLS. I added the Cisco root certs to the CA file and the CN name from the phone’s cert to the users file.
dont need to do that - its EAP-TLS - so long as the server likes the client cert (use OSCP, CRL or the EAP-TLS-CHECK module if you wish to change access-accept policies. so long as the client has a cert known/trusted by the server...and the server has a cert from same CA and knows/trusts the CA, this pretty much works out of the box. reasons it might not work? usually its because the client has the wrong time - thus the cert isnt valid yet...or has expired..usually the former alan