Fernando Calvelo Vazquez <fernando.calvelo@esrf.fr> wrote:
How can I force the CA validation on a EAP-TTLS configuration. If in my Windows-Supplicant software I select the CA validation, it works. But if remove it, and I use only the User-Credentials Authentication part... it works also. I would like to force that the CA certification Authentication part must be mandatory also.
(I'm using windows-supplicant software with EAP-TTLS method) Thanks in advance,
You cannot, this is a client side issue. It is an identical situation to connecting to 'secure' websites, the secure website cannot do anything to prevent the user overriding and accepting an expired/invalid cert when connecting to their site. It's one of the reasons we use SecureW2 as it lets you 'script' this cert validation[1]. This is great for situations where you do not administratively control the connecting workstations (like in a university) however if this is a company where you have admin rights to all the machines they probably are part of an AD domain and so you can set up a GPO (or whatever it is called) to do this for you instead. Cheers [1] I hope you are also validating the subject line, otherwise you are making the CA validation (for commerically signed certs) pointless -- Alexander Clouter .sigmonster says: I wonder if I should put myself in ESCROW!!