AW: understanding

[Heinrich, Sebastian]

> to have a happy client when checking the cert, the 'check certificate' needs to be ticked,
> the CN from the certificate should be in the 'server name' field and the CA ticked
> in the list of CA's.   if you dont see the CA of the RADIUS server in that list, then
> you need to install tha CA into the clients trusted root certificate store...
> copy the .der to the client click on it...then choose to select where to put it...

> (there are loads and loads of documents covering this scattered all over the internet..
> some are newer than others...and so correct)

All in all you can say that if I use PEAP-EAP-MS-CHAPv2 I don't need to create certificates and put them in the FreeRADIUS Server. There is nothing checked if you don't check the checkbox 'check certificate'. Actually the existing certificates in the certs subdirectory could be deleted but the authentification would work?

Best Regards

Sebastian Heinrich
Techn. DV 


Aluminium Oxid Stade GmbH
Johann-Rathje-Köser-Straße
21683 Stade

email  S.Heinrich at aos-stade.de
web    http://www.aos-stade.de