Two questions about EAP-TLS
Alan DeKok
aland at deployingradius.com
Mon Aug 13 20:20:42 CEST 2018
On Aug 13, 2018, at 2:08 PM, Norman Elton <normelton at gmail.com> wrote:
>
>>> No.
>>> PEAP is pretty much EAP-TLS plus MS-CHAP. MS-CHAP doesn't need the certs. EAP-TLS does.
>
> Thanks for the clarification. I assumed (erroneously) that EAP-TLS
> used the client-side certificate, verified with the trusted CA
> information on the server,
Yes, that's how EAP-TLS works.
> _instead_ of the server-side certificate.
No, *both* ends need to authenticate each other.
> In fact, it should be "in addition to the server-side certificate"?
Yes.
Alan DeKok.
More information about the Freeradius-Users
mailing list