Certificate Validation Process

ktm at rice.edu ktm at rice.edu
Tue Nov 15 21:33:33 CET 2011


On Tue, Nov 15, 2011 at 01:58:25PM -0600, Whitlow, Michael wrote:
> All,
> 
> I have one minor issue to ask the group about. 
> 
> Using Freeradius to authenticate 802.1X wireless clients, I noticed that if I try to connect to the wireless network and I purposely put in a bad password I still get the popup to validate the server certificate. 
> 
> On the other radius implementations I am used to the cert validation does not happen until after the user is authenticated.  I imagine I have something configured not quite right but I don't know what.
> 
> So, in Freeradius is there a way to change it so the validate server certificate comes only after successfull authentication?
> 
> 
> Thanks much,
> 
> Mike
> 

If the server cert is bogus, you should not send any authentication
information down a compromised connection. It sounds like it is functioning
correctly now and was broken then.

Cheers,
Ken



More information about the Freeradius-Users mailing list