Accepting expired CA using EAP-TLS
Hi, I'am using FR 2.1.10 für EAP-TLS over Wifi. The problem is, that our CA has expired and I have to renew it (and it seems also all depending certs), but we're a little late with that. The Wifi-Clients can't connect anymore, because FR says that the CA has expired, which also means, I can't install them the new cert. Is there a dirty hack in EAP to make FR ignore this? TIA Alex
Alexandros Gougousoudis wrote:
I'am using FR 2.1.10 für EAP-TLS over Wifi. The problem is, that our CA has expired and I have to renew it (and it seems also all depending certs), but we're a little late with that. The Wifi-Clients can't connect anymore, because FR says that the CA has expired, which also means, I can't install them the new cert. Is there a dirty hack in EAP to make FR ignore this?
Note that your Wifi-Clients validate the CA cert chain either. So you would need a dirty hack for all of them. => Fix your CA and conduct the CA cert rollout with higher priority instead of wasting your time with dirty hacks opening security holes. Ciao, Michael.
Hi,
Alexandros Gougousoudis wrote:
I'am using FR 2.1.10 für EAP-TLS over Wifi. The problem is, that our CA has expired and I have to renew it (and it seems also all depending certs), but we're a little late with that. The Wifi-Clients can't connect anymore, because FR says that the CA has expired, which also means, I can't install them the new cert. Is there a dirty hack in EAP to make FR ignore this?
fly back in time..... or set the clocks on all your devices to last year... no. if the certificate used for trust has expired then the clients wont accept it. alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alexandros Gougousoudis -
Michael Ströder