EAP-TTLS works for MacOS supplicants but not Win10

Alan Buxey alan.buxey at gmail.com
Thu Sep 17 19:21:44 CEST 2020


is any prompt to trust the cert coming up on the Windows 10 box?  if
not, it really doesnt like it - the root CA must pass a few
requirements for windows 10 - eg not be SHA1, it must have a CRLDP RL
defined or somesuch too.  regarding deployment - you really should be
looking at a deployment tool so that your config is secure (especially
with EAP-TTLS/PAP stuff as anyone doing a simple MiTM can just then
harvest user details trivially....have you heard of eduroam?  you
might want to check that out as its a free service for academic
institutions but they also provide a nice , easy to use deployment
tool for free 9such things from commercial companies cost quite a bit)


More information about the Freeradius-Users mailing list