Help with configuring client certificates for peap or ttls

Matthew Newton mcn at
Fri Sep 15 09:49:07 CEST 2017

On 15 September 2017 08:40:20 BST, Vacheslav <m_zouhairy at> wrote:
>>I have free radius 3.0.14 and I managed to authenticate using peap and
>>ttls using the self signed server certificate. I tried to push it 
>>further with requiring client certificates but that didn't work.
>>Pretty much no supplicants support using client certificates with PEAP
>or >EAP-TTLS, so unfortunately it won't work. I think wpa-supplicant is
>the only >one that will.
>Thank you very much for clearing this up, I struggled days and was sure
>it's a bug.

You're not the only one... :(

> I'm using wired dot1x so wpa isn't an option as I think that's for wireless.

It's the same supplicant used for both.

>>For client certificates on Windows you have to use EAP-TLS.

>I wanted them to have a certificate + username and password,

Yes, using both together is not currently possible.


More information about the Freeradius-Users mailing list