WPA2-Entreprise: which certificate to avoid changing Validate server certificate for Windows guest ?

Olivier oza.4h07 at gmail.com
Tue Sep 11 14:22:33 CEST 2018


@Stefan:
All your replies are very interesting !
Thank you very very much for sharing them here.

I'll have to read them in greater details !
Thanks again

Le mar. 11 sept. 2018 à 13:59, Stefan Winter <stefan.winter at restena.lu> a
écrit :

> Hello,
>
> > I have no definite answer. Loading a file with all the details of the
> > connection is how it works for Mac, but I am not sure it can be acheived
> > with Windows (in fact, eduroam people have worked on that a bit and I
> > don't think they came up with any solution, so I don't think it can be
> > done).
>
> For the sake of the mailing list archive: this comment is actively
> unhelpful and wrong.
>
> https://cat.eduroam.org
> https://802.1x-config.org
>
> Or ask a search engine of your choice for "Enterprise Wi-Fi onboarding
> tools".
>
> > Test it is my best advice, then if it works, tell you users that all
> > they have to do is to accept the certificate on the first connection.
>
> No. They should be pre-provisioned with the expected certificate and
> should never be bothered with the term "certificate" at all, or be
> trained to accept strange security warnings.
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
> de la Recherche
> 2, avenue de l'Université
> L-4365 Esch-sur-Alzette
>
> Tel: +352 424409 1
> Fax: +352 422473
>
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
> recipient's key is known to me
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list