29 Jun
2017
29 Jun
'17
11 a.m.
Hello FreeRadius masters, We're planning to use EAP-TTLS with a commercial certificate on freeradius-3.0.4. We do not want any "client certificate" signed by this commercial big CA to log in. Of course, I saw the warning: /etc/raddb/mod-enabled/eap # Note that you should NOT use a globally known CA here! # e.g. using a Verisign cert as a "known CA" means that # ANYONE who has a certificate signed by them can # authenticate via EAP-TLS! This is likely not what you want. But, there's any simple way to forbid globally any CA 'valid client certificate', a part of not using the commercial CA?? Regards.