self-signed root CA

McNutt, Justin M. McNuttJ at
Mon Jan 30 20:47:17 CET 2012

Thanks to all for the responses so far.  I'm still reading through them.

In my case, guests are given a WEP key (which just keeps the "Automatically Connect to Open Networks" devices away) and allowed to connect to a guest SSID which has a separate Internet drain, policies, limitations, etc.  To get high speed access, you have to take the trouble to get an account and use the EAP-enabled network.

Carrot and stick.  But to be clear, I'm not making guests authenticate at all, so that's one nasty problem that is outside of the scope of this particular discussion.


From: Phil Mayers <p.mayers at>
Reply-To: FreeRadius users mailing list <freeradius-users at>
Date: Fri, 27 Jan 2012 10:07:27 +0000
To: <freeradius-users at>
Subject: Re: self-signed root CA

On 01/27/2012 12:29 AM, Christ Schlacta wrote:
   I've attached Android, Windows 7, Mac OS X, and Ubuntu Linux to an
EAP-TLS network using wpa2-eap-tls, which requires client and CA certs.
It's no issue once you know what you're doing. The hardest part is the
nearly complete lack of documentation for any OS except Linux. You're
limited to what Google provides from various blogs.

"Once you know what you're doing".

When guests arrive at your site, they don't want to spend 20 minutes
following intricate docs. Especially if their meeting is only 30 minutes.

Sure *I* can get any of those systems online in under a minute. The
concern is how fast a short-lived guest can get online. Our web-based
"staff create a guest account" portal takes only seconds. Walking the
user through cert installation takes a lot longer.