Client certs with MSCHAPV2 in PEAP
Alan DeKok
aland at ox.org
Thu Feb 23 22:47:03 CET 2006
"Dave Huff" <dbhuff at yahoo.com> wrote:
> > For EAP-TLS to work, the client certs have to be
> > signed by the server cert.
> Signed by the server cert or by the CA cert? I have a CA that signed the
> server and client certs, and the eap.conf file knows where server and CA
> certs are.
If you're using 1.0.x, that won't work. It doesn't do certificate
chains. The client cert MUST be signed by the server cert. Using a
CA to sign them both won't work.

I'm not even sure it will work in 1.1.0, to be honest.

Alan DeKok.