29 Jun
2017
29 Jun
'17
11:10 a.m.
On Jun 29, 2017, at 11:00 AM, Ramon Escriba <escriba@cells.es> wrote:
We're planning to use EAP-TTLS with a commercial certificate on freeradius-3.0.4.
But, there's any simple way to forbid globally any CA 'valid client certificate', a part of not using the commercial CA??
You can disable the "tls" sub-module in EAP. See raddb/mods-available/eap. They can still use client certificates with PEAP or TTLS, but you will still be checking passwords, so that doesn't matter as much. Alan DeKok.