EAP-TLS: Strategies for getting the right certificate to the right user

Alex Sharaz alex.sharaz at york.ac.uk
Mon Sep 11 17:14:06 CEST 2017


Which is why we use the Cloudpath ES server to configure eap-peap and
eap-tls. Using the ES server for OCSP allows us to manage certs as well.

An open wifi network with dnsmasq only gets you to a limited set of URLs.
Workflow capabilities allow you to tailor what a user sees in terms of
config options.


A

On 11 September 2017 at 15:33, Matthew Newton <mcn at freeradius.org> wrote:

> On Mon, 2017-09-11 at 10:22 -0400, Chevalier Violet wrote:
> > EAP-TLS: Strategies for getting the right certificate to the right
> > user. It
> > needs to be relatively automated.
>
> > Users are starting with no internet access.
> >
> > I was thinking maybe of the following:
> >
> > 1) Use some kind of TTLS-MSCHAPv2 thing with a standard user &
> > password
>
> One solution is for an open network with a captive portal (no Internet
> access), people log in (https, username, password) there, which
> generates an installer/config, used to configure the device.
>
> But yes, enrolling on EAP-TLS can be tricky without other
> certificate/device management systems.
>
> --
> Matthew


More information about the Freeradius-Users mailing list