Hello everyone. Im trying to understand how the certificates work in Freeradius. Last time I asked about why I need to install a root certificate on all the windows clients I got the answer that it is because PEAP works that way. But when I read about it on other sites it says that EAP-TTLS and PEAP was created so that you wont need client-side certificates? Is there a difference in client-side certificates and the root certificate? The PEAP0 I want to use is EAP-MSCHAPv2 since that one should not require client-side certificates if I have understood it correctly. Best Regards/ Peter Carlstedt _________________________________________________________________ Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail you. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soc...
Hi,
Hello everyone. Im trying to understand how the certificates work in Freeradius. Last time I asked about why I need to install a root certificate on all the windows clients I got the answer that it is because PEAP works that way. But when I read about it on other sites it says that EAP-TTLS and PEAP was created so that you wont need client-side certificates?
client-side certificate means a specific cert for the client..not the root CA. you need a root CA installed because thats that the RADIUS server has been signed with. if you've used a CA to sign the RADIUS cert that is commonly in the client you wont need to install the CA...but eg self-signed CA will need to be installed.
The PEAP0 I want to use is EAP-MSCHAPv2 since that one should not require client-side certificates if I have understood it correctly.
RADIUS server signed by CA CA needs to be on the client if you want to really trust/verify the cert alan
participants (2)
-
Alan Buxey -
Peter Carlstedt