Two questions about EAP-TLS

Alan DeKok aland at
Mon Aug 13 20:20:42 CEST 2018

On Aug 13, 2018, at 2:08 PM, Norman Elton <normelton at> wrote:
>>> No.
>>> PEAP is pretty much EAP-TLS plus MS-CHAP.  MS-CHAP doesn't need the certs.  EAP-TLS does.
> Thanks for the clarification. I assumed (erroneously) that EAP-TLS
> used the client-side certificate, verified with the trusted CA
> information on the server,

  Yes, that's how EAP-TLS works.

> _instead_ of the server-side certificate.

  No, *both* ends need to authenticate each other.

> In fact, it should be "in addition to the server-side certificate"?


  Alan DeKok.

More information about the Freeradius-Users mailing list