TLS certificates authorities.

Bogdan Rudas brudas at
Fri Sep 9 08:00:34 CEST 2016


Could you please clarify you warning regarding client configuration? Some
systems allow my EAP-TTLS+PAP configuration out of the box, do you mean in
could be insecure? Are there any way to prevent client authentication
unless it have my CA installed?

Thank you.

On Thu, Sep 8, 2016 at 8:43 PM, <A.L.M.Buxey at> wrote:

> Hi,
> > I'm using EAP-TTPS+PAP for authentication. Are there any way to prevent
> > WiFi SSID spoofing without distributing my own CA certificate? Does it
> make
> > a sense to sign my server key with any of the public CA and what should I
> > supply as CN for such key?
> use your own for distributing it - it wil be installed with an
> 802.1X
> profile deployment tool....which *especially* for EAP-TTLS/PAP you should
> be using  (because clients REALLY need to be configured correctly/securely
> when using that method!)
> alan

Bogdan Rudas
Head of Minsk IT Support Department
Exadel Inc.
E-mail: brudas at
Skype ID: bogdan.rudas


CONFIDENTIALITY NOTICE: This email and files attached to it are 
confidential. If you are not the intended recipient you are hereby notified 
that using, copying, distributing or taking any action in reliance on the 
contents of this information is strictly prohibited. If you have received 
this email in error please notify the sender and delete this email.

More information about the Freeradius-Users mailing list