Possible certificatre problem

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Jul 4 10:15:08 CEST 2016


> And again, a client in radius enviroment MUST BE a NAS, so howto is
> not consistent.

there are 2 types

a wireless or endpoint client (your typical OSX or Windows or IOS device....)

and the RADIUS client - the Access Point or switch that the endpoint clients use
to get their network access.

> To me it looks like there is a need for certificate at the station,
> this means that self signed certificat is not usable in a production
> enviroment.

not true - we use local (self-signed) CA - its all about how you provision
your clients (deployment tools help).

> Therefore I will conclude you ned a comersially certificate, if
> using freeradius in af production enviroment. It would be nice if
> that was there somewhere in the documentation, so you know that
> before you start.

the document shouldnt say that as its not tru - especially as using a commercial
certificate leaves you open to security issues (spoofing of your server against
clients that cant check the CN)

> Then a quistion: Will freeradius work with letsencrypt certificate,
> has anybody tryed?

...havent tested - if the LE cert doesnt have the right attributes that clients
want (x509 extensions, SAN etc) then no


More information about the Freeradius-Users mailing list