TLS certificates authorities.
Bogdan Rudas
brudas at exadel.com
Fri Sep 9 08:00:34 CEST 2016
Hi,
Could you please clarify you warning regarding client configuration? Some
systems allow my EAP-TTLS+PAP configuration out of the box, do you mean in
could be insecure? Are there any way to prevent client authentication
unless it have my CA installed?
Thank you.
On Thu, Sep 8, 2016 at 8:43 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > I'm using EAP-TTPS+PAP for authentication. Are there any way to prevent
> > WiFi SSID spoofing without distributing my own CA certificate? Does it
> make
> > a sense to sign my server key with any of the public CA and what should I
> > supply as CN for such key?
>
> use your own CA...as for distributing it - it wil be installed with an
> 802.1X
> profile deployment tool....which *especially* for EAP-TTLS/PAP you should
> be using (because clients REALLY need to be configured correctly/securely
> when using that method!)
>
> alan
>
--
Bogdan Rudas
Head of Minsk IT Support Department
Exadel Inc.
http://www.exadel.com/
E-mail: brudas at exadel.com
Skype ID: bogdan.rudas
--
CONFIDENTIALITY NOTICE: This email and files attached to it are
confidential. If you are not the intended recipient you are hereby notified
that using, copying, distributing or taking any action in reliance on the
contents of this information is strictly prohibited. If you have received
this email in error please notify the sender and delete this email.
More information about the Freeradius-Users
mailing list