Freeradius and deploying client certificates for Windows OS
Alan DeKok
aland at deployingradius.com
Mon May 3 14:47:19 CEST 2021
On May 3, 2021, at 6:30 AM, Vieri Di Paola <vieridipaola at gmail.com> wrote:
> The problem I'm facing is how to easily manage deploying the client
> certificates.
"Magic". :(
> The custom Certificate Authority has already been deployed with Active
> Directory Group Policy.
>
> Each time I want a new client to authenticate I need to manually
> import the client certificate in the Windows host via "mmc".
Yes.
> Is there a way to automatically deploy the client certificates (eg.
> when a Windows client joins an AD)?
Pay $$$ a month per user for device management software.
> Should I stop using openssl on the FreeRADIUS server and use MS
> Certification Authority instead? Will I have compatibility issues if I
> do that?
That doesn't really matter. The issue isn't the certificates. The issue is getting them onto the client devices, and configuring them there.
> Can I keep using openssl certs but with a non-interactive way of deploying them?
There are MDM solutions available. They're almost always $$$, as this is a non-trivial problem to solve.
Alan DeKok.
More information about the Freeradius-Users
mailing list