dont distribute certificate
John Dennis
jdennis at redhat.com
Tue Dec 21 16:45:49 CET 2010
On 12/21/2010 10:22 AM, Julian Labus wrote:
> Yes, I was talking about the TLS public certificate, sorry for leaving
> this out.The reason for that is that you only have the ability to
> connect to the hotspot if you have manually installed the public cert on
> your client before connecting.
No, I think you're confused. Perhaps you're referring to the trusted CA
cert used to sign your public server cert. The CA which signed your
server cert has to be installed as a trusted CA on the client (or
resolve to one via a cert chain).
Generally you don't want clients to install trusted CA certs. Therefore
your server cert must be signed by a CA which is normally trusted and
hence previously installed. Usually that means a commercial CA which you
pay to sign your server cert.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list