EAP-TLS PKI management
Munroe Sollog
mus3 at lehigh.edu
Wed Jan 20 17:27:03 CET 2021
Has anyone deployed EAP-TLS in concert with BYOD? This Android 11 change
that removes the ability for the user to "Do Not Validate" the CA
certificate has forced us to re-evaluate our .1x PEAP solution. EAP-TLS
seems like the best option, however the onboarding of user-brought devices
seems tricky.
With MDM or AD-joined devices pushing the certificates out are easy. In an
environment where "bring your own device" is encouraged, I'm curious how
network admins are making client certificate installations easy enough for
end users to do.
Android 11 change article for reference:
https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/
--
Munroe Sollog (He/Him/His)
Senior Network Engineer
munroe at lehigh.edu
More information about the Freeradius-Users
mailing list