TTLS+PAP with Windows
Herman Øie Kolden
herman at samfundet.no
Wed Mar 15 11:00:28 CET 2017
On Wed, Mar 15, 2017 at 09:53:39AM +0100, Bjørn Mork wrote:
> In general, you should use self-signed certificates for 802.1x (EAP)
> authentication. When you list root CAs from other organizations in the
> "CA_file", you permit them to masquerade as you,
Why is this a concern for EAP, but not for regular web certificates?
> to authenticate your users, and to issue client
> certificates for EAP-TLS.
Agreed, but as we don't use client certificates in our organization,
this doesn't apply to us.
--
Herman Øie Kolden
Trondheim, Norway
More information about the Freeradius-Users
mailing list