EAP-TLS and Windows 10 fails for wireless

Stefan Winter stefan.winter at restena.lu
Sun Jun 12 22:38:42 CEST 2016


> I've installed v3.1x and the problem resolved itself.
> The Wi-fi menu went through the following steps on Windows 10 laptop (the certificates are already installed and the wireless connection was manually added): 
> * Choose a certificate [Ok] 
> * Checking network requirements 
> * Continue connecting ?
> If you expect to find acksys in this location, go ahead and connect. Otherwise, it may be a different network with the same name. 
> [Show certificate details] 
> [Connect] [Cancel]
> * Checking network requirements 
> And the connection was established.

It's funny how some people think that the workflow above equals "it
works". If Windows asks the "Show cert details / do you expect"
question, then this means the server certificate and CA chain checks
*failed* and it's resorting to user-interactive "D'oh, I'm guessing" mode.

So, security-wise, seeing this workflow means your setup is still
broken; just more subtly than before.


Stefan Winter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160612/8a58352e/attachment.sig>

More information about the Freeradius-Users mailing list