On Sun, Jan 31, 2010 at 12:09 PM, Mike Diggins <mike.diggins@mcmaster.ca> wrote:
Why self signed versus CA signed? Ideally I would like my clients to not be questioned about the certificate at all. Is that even possible with WPA? If I purchase a CA signed cert, would that eliminate the requirement on the client to acknowledge the certificate or import it?
It would also mean that anyone could go to the same CA, get a client certificate and would be able to login to your wireless network. Not really ideal IMHO ;)
But I don't plan on distributing client certificates for authentication. I intend for them to login with a username and password checked against my Radius server, so I'm not sure what role the certificate plays in that process?
I think the recommendation made perfect sense when you require client certificate, like when deploying EAP/TLS. If you intend to use EAP as a secure tunnel only, and login with user/password (like with PEAPv1/EAP-GTC), using a CA-signed cert might make more sense. -- Fajar