Server certificate and clients (eap-tls) certificate

work vlpl thework.vlpl at
Tue Dec 12 03:23:47 CET 2017

On 12 December 2017 at 03:12, Alan DeKok <aland at> wrote:
> On Dec 9, 2017, at 12:36 PM, work vlpl <thework.vlpl at> wrote:
>> I should get valid ssl certificate from (Verisign or other CA)
>   Please don't.  It's generally a bad idea.  Use a self-signed CA.  That way you can control it much better.

Why using valid certificate from some global CA is bad idea? Because
Windows requires certain OIDs in the certificates?


More information about the Freeradius-Users mailing list