PEAP using different CA?

Fernando Hammerli fhammerli at
Wed Jul 10 16:20:21 CEST 2013

Hi, thanks for you reply (extensive to the others),

> Just put both CAs in the directory pointed to by CA_path. 

Curently my CA_path is where my users certificates are stored.
I thought I had to offer a different server certificate to the user. I
was able to make it work (PEAP only, not the TLS) by pointing to that
certificate via 'certificate_file =' and the public CA chain via
'CA_file ='.

Could you give me a hint about you tip, that seems to be easier.

I agree 100% about the security concerns on using a public CA. The
problem is that we need to make the usage process as simple as possible.
Students and teachers are easier to help, but we have seasonal/sporadic
users (short curses, seminars), and requiring any intervention has been
creating complaints (and is considered annoying). Even a simple root CA
installation procedure (for Windows only clients) is considered
annoying. So that´s why are considering the public CA - Microsoft could
have done things easier for us :)


More information about the Freeradius-Users mailing list