15 Mar
2017
15 Mar
'17
4:53 a.m.
Herman Øie Kolden <herman@samfundet.no> writes:
On Tue, Mar 14, 2017 at 07:12:28PM -0400, Alan DeKok wrote:
I don't recommend using public CAs for WiFi authentication. It's insecure.
Interesting. Would you mind explaining why?
/usr/share/doc/freeradius/examples/certs/README in the Debian package says In general, you should use self-signed certificates for 802.1x (EAP) authentication. When you list root CAs from other organizations in the "CA_file", you permit them to masquerade as you, to authenticate your users, and to issue client certificates for EAP-TLS. Bjørn