Verify Certificate

Munroe Sollog mus3 at lehigh.edu
Wed Nov 19 16:18:47 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When using 802.1x to authenticate clients to Active Directory using PEAP.  It seems that even when
using a complete trust chain for a certificate (a real honest-to-god certificate) the clients
still get prompted to 'verify' the certificate.  It would seem like this behavior is by design, as
the user is still expected to confirm that the certificate is what they expect to see (similar to
how ssh works).

Setting aside the common user doesn't do any of that checking, and setting aside a managed
computer environment (Active directory) can side load the certificate on the client automatically.
 Is my experience accurate, and if so how do people deal with this annoyance that I feel is
perpetuating the 'ignore certificate alerts' behavior normal users have?

For reference I have posted images of the certificate alert.

http://i.imgur.com/gNOpBJ0.jpg


- -- 
Munroe Sollog
LTS - Network Analyst
x85002
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJUbLTRAAoJEPbbZiWCKDVC1JcIAIYRcVbBVEyX1JvtboawuQBb
bl14QohEhGg0W0dXbckaKXjJSZNoztvUXe1k/ckBlb6kG5v6uGZoOuEoLF11VrNT
ISRYcJf3lBzFK4xg1ZABC8jVzpgS2a+UiGs0YmafuyvY6+hQAnvveVp1S8OtCs6I
SsZtCUR4phxHvonUN/gKAYL2kaGKQcKDGED47hzXop3a/iUM63eFm1L9vz331lCr
x9t9yN+yZTeJcfGPvJRd4AV03ALWgmnq9RbGcmMGvWpRXN9XpdDmtrgh4ml2RtcG
5JIkuxm4PtrxcVprRRzsQJCSv2Vejc8lJ8LsyuepoAFBw2pc6r18/MSRLvAwE6k=
=H44Y
-----END PGP SIGNATURE-----


More information about the Freeradius-Users mailing list