PEAP using different CA?
Stefan Winter
stefan.winter at restena.lu
Wed Jul 10 16:17:18 CEST 2013
Hello,
>>> To avoid the need of installing our CA certificate on every Windows
>>> machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP
configuration purposes, the CA must explicitly marked as trusted /for
this EAP identity/.
So you still need to tell users to set a checkbox besides that CA. The
difference to importing the CA before that is not much more work; on
Windows, it's a couple of clicks only.
> If this is a usability issue, I recommend you look at dissolvable setup clients like cloudpath, or investigate the various certificate/settings bundles that things like iPhones support.
And since he is from a university and likely his deployment is an
eduroam one, you should also mention the dissolvable client setup tool
"eduroam CAT", https://cat.eduroam.org , which is free and tailored to
eduroam.
It will install private CAs just as fine and automated as it does
commercial CAs.
Greetings,
Stefan Winter
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130710/dc7079c5/attachment.pgp>
More information about the Freeradius-Users
mailing list