TLS client and server certificates

Alan DeKok aland at deployingradius.com
Fri Feb 2 13:13:17 CET 2018


On Feb 2, 2018, at 4:55 AM, wouldsmina <wouldsmina at gmail.com> wrote:
> 
> I am currently testing FreeRadius 3.0.12 (debian package). When I'm using
> the certificates declared in mods-enabled/eap on a TLS client, I get an
> Access-Accept! This is not dramatic, because these certificates should not
> be disclosed under any circumstances, but I would still like to know if
> it's a normal behavior and how to prevent it?

  The server creates test certificates.  For... testing.   Such as with EAP-TLS.

  If you install the test certs on a client, they will work.  You were the one who disclosed them to the client.

  If you don't want to use the test certificates, then delete them.

  Alan DeKok.




More information about the Freeradius-Users mailing list