Double check of sanity with PEAP setup

Adam Taylor ataylor at
Thu Dec 12 23:55:27 CET 2019

Hey all,

I just want to double check that I am doing something correctly as I set up our new radius servers.

We currently use PEAP to auth our wireless.  My question is about doing the certificates correctly on the new radius servers.  We currently use a Global CA cert in the TLS section but everywhere says not to in the config files.  I'm confused as to why for PEAP, as we have to have a CA signed cert for all the user devices to not throw a "could not verify cert" creating the TLS tunnel before EAP.  Clients installing a cert is a non-starter....there is no way with the amount of visitors.

So is a CA signed TLS cert correct for PEAP auth or am I not understanding something in the documentation?

I just want to make sure I do this correctly and do not have some giant gaping security hole.

Adam Taylor

More information about the Freeradius-Users mailing list