Certificate Provisioning for EAP-TLS Networks

Matt Causey matt.causey at gmail.com
Sat Jan 31 20:09:52 CET 2009


>  How do you get the certificates on the device in the first place?

Well - that's the problem.  I would like for there be a USB cable
method of putting the key material on the device.   Then we could
build some nifty client script to automate the provisioning.  But
these devices in particular don't have that.

As it is - we need to setup some ad-hoc or other non-routed WLAN with
PSK or WEP security, put the device(s) on there and at that point the
devices can pull the certs down via http or tftp.

So, here's how it goes in our test environment.  We have the
'production' WLAN which must remain WPA2/EAP-TLS.  For compliance
there is no flexibility of the security of that WLAN.  *sigh*  OK no
worries it makes it a cool problem to solve.  :-)

So I've just got a laptop temporarily setup with a little ad-hoc
network for provisioning the phones via tftp.  These will be in a
dozen remote locations so I need to build a solution enabling rapid
provisioning of the devices with minimal local technical oversight.

--
Matt



More information about the Freeradius-Users mailing list