Double check of sanity with PEAP setup
ataylor at ulm.edu
Thu Dec 12 23:55:27 CET 2019
I just want to double check that I am doing something correctly as I set up our new radius servers.
We currently use PEAP to auth our wireless. My question is about doing the certificates correctly on the new radius servers. We currently use a Global CA cert in the TLS section but everywhere says not to in the config files. I'm confused as to why for PEAP, as we have to have a CA signed cert for all the user devices to not throw a "could not verify cert" creating the TLS tunnel before EAP. Clients installing a cert is a non-starter....there is no way with the amount of visitors.
So is a CA signed TLS cert correct for PEAP auth or am I not understanding something in the documentation?
I just want to make sure I do this correctly and do not have some giant gaping security hole.
More information about the Freeradius-Users