password-less keys for TLS

Matt Zagrabelny mzagrabe at
Fri Nov 11 20:27:27 CET 2016


I am wondering what folks think about password-less keys for TLS? Both
the server key - and the client key under EAP-TLS.

The password for the server key is on disk in a config file, so a
password encrypted key seems just about as safe as a password-less

The client keys are bit more vulnerable when they aren't encrypted,
but I thought I would ask the list if anyone is rolling client certs
without passwords.

Thanks for any feedback!


More information about the Freeradius-Users mailing list