PEAP correct client certificate
Oliver Tollning
oliver at tollning.com
Mon Nov 20 08:53:15 CET 2017
Hello,
I'm currently setting up a RADIUS server(v. 2.2.8) for the first time. I
followed the instructions and could connect with EAP and PEAP to my server.
Since I only want to use PEAP I disabled every other authentication
method by commenting out everything else in /sites-enabled/default. This
works fine, since I cant connect with normal EAP anymore.
I went through the process of creating my own certificate with openssl
and set everything up in eap.conf under eap-tls{}. In peap{} I added
EAP-TLS-Require-Client-Cert = Yes.
The problem is, that the client can connect to the server even though he
doesnt have the correct client certificate.
How can I tell the server to check the client certificate?
More information about the Freeradius-Users
mailing list