EAP-TLS host certificates

Vieri Di Paola vieridipaola at gmail.com
Thu Jan 28 17:21:15 CET 2021


On Thu, Jan 28, 2021 at 2:33 PM Alan DeKok <aland at deployingradius.com> wrote:
>
> > The Windows 10 client has imported both the CA in trusted roots and
> > the client certificate in the "local computer" store. I chose the
> > common name "PC2036" (see below).
>
>   That might work... it depends.  Windows has a few certificate stores.  If you put the certs into the wrong one, then EAP-TLS won't work.
>
> > The wireless connection is set up with a "smart card or other
> > certificate" (computer account).
>
>   I'm not sure that will work.  You're better off using a user account, and putting the certs into the local cert store for the *user*.

That's the bit that puzzles me.
I want to allow the client device to authenticate at boot time
regardless of the user.
I'll try to import the certificate in the administrator's account on
that device and see if the Windows 10 system authenticates before the
user logon screen shows up.

Thanks,

Vieri


More information about the Freeradius-Users mailing list