How to avoid EAP-TLS login on commercial CA's?
aland at deployingradius.com
Thu Jun 29 17:10:00 CEST 2017
On Jun 29, 2017, at 11:00 AM, Ramon Escriba <escriba at cells.es> wrote:
> We're planning to use EAP-TTLS with a commercial certificate on
> But, there's any simple way to forbid globally any CA 'valid client
> certificate', a part of not using the commercial CA??
You can disable the "tls" sub-module in EAP. See raddb/mods-available/eap.
They can still use client certificates with PEAP or TTLS, but you will still be checking passwords, so that doesn't matter as much.
More information about the Freeradius-Users