Freeradius-Users Digest, Vol 56, Issue 18

Peter Carlstedt pc_007 at hotmail.com
Wed Dec 2 18:17:01 CET 2009



> Hi,
> > Hello everyone.
> > Im trying to understand how the certificates work in Freeradius.
> > Last time I asked about why I need to install a root certificate on all the windows clients I got the answer that it is because PEAP works that way. But when I read about it on other sites it says that EAP-TTLS and PEAP was created so that you wont need client-side certificates?
> 
> client-side certificate means a specific cert for the client..not the root CA.
> 
> you need a root CA installed because thats that the RADIUS server has been signed with.
> if you've used a CA to sign the RADIUS cert that is commonly in the client you wont need
> to install the CA...but eg self-signed CA will need to be installed.
> 
> > The PEAP0 I want to use is EAP-MSCHAPv2 since that one should not require client-side certificates if I have understood it correctly.
> 
> RADIUS server signed by CA
> CA needs to be on the client if you want to really trust/verify the cert
> 
> alan


Okay, so is there anyway for me to get the root CA installed without having to do it manually on the clients?

 

Peter
 		 	   		  
_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091202/9ab29031/attachment.html>


More information about the Freeradius-Users mailing list