EAP-TLS PKI management
Munroe Sollog
mus3 at lehigh.edu
Wed Jan 20 17:41:59 CET 2021
Are you suggesting using passpoint to push the cert out, but keep using PEAP, or
are you suggesting using passpoint as the vehicle to onboard client certs for
EAP-TLS?
I guess it could be either?
On Wed, Jan 20, 2021 at 11:38 AM Alan DeKok <aland at deployingradius.com>
wrote:
> On Jan 20, 2021, at 11:27 AM, Munroe Sollog <mus3 at lehigh.edu> wrote:
> >
> > Has anyone deployed EAP-TLS in concert with BYOD? This Android 11 change
> > that removes the ability for the user to "Do Not Validate" the CA
> > certificate has forced us to re-evaluate our .1x PEAP solution. EAP-TLS
> > seems like the best option, however the onboarding of user-brought devices
> > seems tricky.
>
> It definitely becomes harder.
>
> > With MDM or AD-joined devices pushing the certificates out is easy. In an
> > environment where "bring your own device" is encouraged, I'm curious how
> > network admins are making client certificate installations easy enough for
> > end users to do.
>
> Use WiFi Passpoint for Hotspot 2.0. Most enterprise APs should support
> this, and it shouldn't be too hard to configure.
>
> Or, MDM or AD, unfortunately. Most systems have now removed the ability
> for users to manually configure certificate settings.
>
> Alan DeKok.
--
Munroe Sollog (He/Him/His)
Senior Network Engineer
munroe at lehigh.edu