EAP-TLS: Strategies for getting the right certificate to the right user

Matthew Newton mcn at freeradius.org
Mon Sep 11 16:33:12 CEST 2017


On Mon, 2017-09-11 at 10:22 -0400, Chevalier Violet wrote:
> EAP-TLS: Strategies for getting the right certificate to the right
> user. It
> needs to be relatively automated.

> Users are starting with no internet access.
> 
> I was thinking maybe of the following:
> 
> 1) Use some kind of TTLS-MSCHAPv2 thing with a standard user &
> password

One solution is for an open network with a captive portal (no Internet
access), people log in (https, username, password) there, which
generates an installer/config, used to the configure the device.

But yes, enrolling on EAP-TLS can be tricky without other
certificate/device management systems.

-- 
Matthew



More information about the Freeradius-Users mailing list