Possible certificatre problem
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jul 4 10:15:08 CEST 2016
Hi,
> And again, a client in radius enviroment MUST BE a NAS, so howto is
> not consistent.
there are 2 types
a wireless or endpoint client (your typical OSX or Windows or IOS device....)
and the RADIUS client - the Access Point or switch that the endpoint clients use
to get their network access.
> To me it looks like there is a need for certificate at the station,
> this means that self signed certificat is not usable in a production
> enviroment.
not true - we use local (self-signed) CA - its all about how you provision
your clients (deployment tools help).
> Therefore I will conclude you ned a comersially certificate, if
> using freeradius in af production enviroment. It would be nice if
> that was there somewhere in the documentation, so you know that
> before you start.
the document shouldnt say that as its not tru - especially as using a commercial
certificate leaves you open to security issues (spoofing of your server against
clients that cant check the CN)
> Then a quistion: Will freeradius work with letsencrypt certificate,
> has anybody tryed?
...havent tested - if the LE cert doesnt have the right attributes that clients
want (x509 extensions, SAN etc) then no
alan
More information about the Freeradius-Users
mailing list