dont distribute certificate

John Dennis jdennis at
Tue Dec 21 16:45:49 CET 2010

On 12/21/2010 10:22 AM, Julian Labus wrote:
> Yes, I was talking about the TLS public certificate, sorry for leaving
> this out.The reason for that is that you only have the ability to
> connect to the hotspot if you have manually installed the public cert on
> your client before connecting.

No, I think you're confused. Perhaps you're referring to the trusted CA 
cert used to sign your public server cert. The CA which signed your 
server cert has to be installed as a trusted CA on the client (or 
resolve to one via a cert chain).

Generally you don't want clients to install trusted CA certs. Therefore 
your server cert must be signed by a CA which is normally trusted and 
hence previously installed. Usually that means a commercial CA which you 
pay to sign your server cert.

John Dennis <jdennis at>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list