TLS client and server certificates
wouldsmina
wouldsmina at gmail.com
Fri Feb 2 14:07:53 CET 2018
> If you don't want to use EAP-TLS, then you shouldn't issue client certificates.
ah! so I'm on the wrong track...
> And please DO NOT use the "sample" certificates in a production environment. They're only for testing.
I'm on a test environment but I use my own certificates ;)
The client must verify the authenticity of the server but must not be able
to authenticate (with private/public keys).
I will continue my test (and search) to find the "right solution".
Thank you
2018-02-02 13:53 GMT+01:00 Vacheslav <m_zouhairy at skno.by>:
> I want to use client certificates, so I must only authenticate on EAP-TLS?
>
> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-bounces+m_zouhairy=skno.by at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: Friday, February 2, 2018 3:48 PM
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: TLS client and server certificates
>
> On Feb 2, 2018, at 7:46 AM, wouldsmina <wouldsmina at gmail.com> wrote:
> >
> > Certificates (certificate_file, private_key_file, and ca_file) are
> > needed to establish the EAP tunnel (with peap or ttls).
>
> > Yes... that *is* how it works.
>
> > I corrected my problem by removing the tls {} section into
> > mods_enables/eap file... No tls, no problem (for me) :)
>
> > Well, maybe.
>
> > If you don't want to use EAP-TLS, then you shouldn't issue client certificates.
>
> > And please DO NOT use the "sample" certificates in a production environment. They're only for testing.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html