EAP-TLS PKI management

Munroe Sollog mus3 at lehigh.edu
Wed Jan 20 17:27:03 CET 2021

Has anyone deployed EAP-TLS in concert with BYOD?  This Android 11 change
that removes the ability for the user to "Do Not Validate" the CA
certificate has forced us to re-evaluate our .1x PEAP solution.  EAP-TLS
seems like the best option, however the onboarding of user-brought devices
seems tricky.

With MDM or AD-joined devices pushing the certificates out are easy. In an
environment where "bring your own device" is encouraged, I'm curious how
network admins are making client certificate installations easy enough for
end users to do.

Android 11 change article for reference:
Munroe Sollog (He/Him/His)
Senior Network Engineer
munroe at lehigh.edu

More information about the Freeradius-Users mailing list