self-signed root CA

Alan Buxey A.L.M.Buxey at
Thu Jan 26 10:15:30 CET 2012


self-signed CA. the authentication is a closed-loop system. the only people
that need to trust your RADIUS server for authentication are your own
users (unlike eg a public web server). you have full control of your
own CA..and know its policies. With an external CA you are a slave to their
reputation and policies...wouldnt it be nice to come in on a monday
morning and find your CA had been removed by the OS as happened recently...

The issue is with the distribution/installation of that CA - but you already
say you have that great! :-)


More information about the Freeradius-Users mailing list