Freeradius and deploying client certificates for Windows OS

Alan DeKok aland at
Mon May 3 14:47:19 CEST 2021

On May 3, 2021, at 6:30 AM, Vieri Di Paola <vieridipaola at> wrote:
> The problem I'm facing is how to easily manage deploying the client
> certificates.

  "Magic".  :(

> The custom Certificate Authority has already been deployed with Active
> Directory Group Policy.
> Each time I want a new client to authenticate I need to manually
> import the client certificate in the Windows host via "mmc".


> Is there a way to automatically deploy the client certificates (e.g.
> when a Windows client joins an AD)?

  Pay $$$ a month per user for device management software.

> Should I stop using openssl on the FreeRADIUS server and use MS
> Certification Authority instead? Will I have compatibility issues if I
> do that?

  That doesn't really matter.  The issue isn't the certificates.  The issue is getting them onto the client devices, and configuring them there.

> Can I keep using openssl certs but with a non-interactive way of deploying them?

  There are MDM solutions available.  They're almost always $$$, as this is a non-trivial problem to solve.

  Alan DeKok.
