TTLS+PAP with Windows

Herman Øie Kolden herman at
Wed Mar 15 11:00:28 CET 2017

On Wed, Mar 15, 2017 at 09:53:39AM +0100, Bjørn Mork wrote:

> In general, you should use self-signed certificates for 802.1x (EAP)
> authentication. When you list root CAs from other organizations in the
> "CA_file", you permit them to masquerade as you, 

Why is this a concern for EAP, but not for regular web certificates?

> to authenticate your users, and to issue client
> certificates for EAP-TLS.

Agreed, but as we don't use client certificates in our organization,
this doesn't apply to us.

Herman Øie Kolden
Trondheim, Norway

More information about the Freeradius-Users mailing list