TTLS+PAP with Windows
Bjørn Mork
bjorn at mork.no
Wed Mar 15 09:53:39 CET 2017
Herman Øie Kolden <herman at samfundet.no> writes:
> On Tue, Mar 14, 2017 at 07:12:28PM -0400, Alan DeKok wrote:
>
>> I don't recommend using public CAs for WiFi authentication. It's insecure.
>
> Interesting. Would you mind explaining why?
/usr/share/doc/freeradius/examples/certs/README in the Debian package
says
In general, you should use self-signed certificates for 802.1x
(EAP) authentication. When you list root CAs from other
organizations in the "CA_file", you permit them to masquerade as
you, to authenticate your users, and to issue client certificates
for EAP-TLS.
Bjørn
More information about the Freeradius-Users
mailing list