EAP-TLS host certificates

Vieri Di Paola vieridipaola at gmail.com
Wed Feb 10 16:39:48 CET 2021

On Thu, Jan 28, 2021 at 5:31 PM Alan DeKok <aland at deployingradius.com> wrote:
> On Jan 28, 2021, at 11:21 AM, Vieri Di Paola <vieridipaola at gmail.com> wrote:
> > That's the bit that puzzles me.
> > I want to allow the client device to authenticate at boot time
> > regardless of the user.
>   You didn't say that.
> > I'll try to import the certificate in the administrator's account on
> > that device and see if the Windows 10 system authenticates before the
> > user logon screen shows up.
>   In the end, this is all Windows magic. If you figure it out, I suggest updating the Wiki with some information.  I don't run Windows, so I can't really offer much useful advice here.

Hi again,

Lucky you...

I found the time to resume my configuration and found out that
importing the pem client certificate into the Windows "computer
account" store does not work as I expect it to (see first post).
However, importing the p12 certificate works perfectly. I'll have to
tailor the Makefile as required. BTW why does the Makefile copy
client.pem to USER_NAME.pem but doesn't do the same for p12 et al.? I
know it's just there for convenience, but I'm wondering if it's for a
specific design purpose. Maybe it's because the pem format works fine
on non-Windoze clients.


