eap-tls with a cisco phone
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Jul 20 10:55:42 CEST 2015
hi,
>I’m trying to authenticate a Cisco IP Phone with 802.1X EAP-TLS.
>I added the Cisco root certs to the CA file and the CN name from the
>phone’s cert to the users file.
dont need to do that - its EAP-TLS - so long as the server likes the client cert
(use OSCP, CRL or the EAP-TLS-CHECK module if you wish to change access-accept
policies.
so long as the client has a cert known/trusted by the server...and the server has a cert from same CA
and knows/trusts the CA, this pretty much works out of the box.
reasons it might not work? usually its because the client has the wrong time - thus the cert isnt
valid yet...or has expired..usually the former
alan
More information about the Freeradius-Users
mailing list