Freeradius and deploying client certificates for Windows OS

Tony Skalski ajs at
Mon May 3 18:18:37 CEST 2021

That guide looks reasonable (after a quick glance). They are standard
SSL/TLS certs - you might want to pay attention to key length and hash
algorithm, but I don't know of any reason why they would be incompatible
with FreeRADIUS. You will need to configure FR to accept the certs, but
that probably doesn't count as "fiddling".

Disclaimer: I am a FreeRADIUS newb, but have operated AD Certificate
Services for 12+ years.

On Mon, May 3, 2021 at 11:07 AM Vieri Di Paola <vieridipaola at>

> On Mon, May 3, 2021 at 3:53 PM Tony Skalski via Freeradius-Users
> <freeradius-users at> wrote:
> >
> > If you use Microsoft's certificate services, you can configure an
> automatic
> > certificate enrollment group policy. This can generate certs for both
> users
> > and computers as needed. This works for Windows clients. If you have
> other
> > clients, you will want an MDM or alternatively a certificate onboarding
> > solution, though if you have Macs joined to Active Directory, you should
> be
> > able to issue the certs without a for-pay MDM.
> Yes, most of the clients are Windows.
> I was in fact thinking of following a guide such as this one:
> However, as I have 0 experience with M$ solutions I was wondering if
> anyone knew beforehand if the certs deployed by the Microsoft
> Certification Authority via AD group policy will be compatible with
> FreeRADIUS without extra fiddling.
> I'm asking because I wouldn't want to work my way out of Microsoft
> madness to finally find out that the certs are incompatible unless
> mangled as noted in this post (which might be outdated):
> Thanks,
> Vieri

*Tony Skalski*
System Administrator | IT

*Office: *507-786-3227 <(507)786-3227>
1510 St. Olaf Avenue Northfield, MN 55057

More information about the Freeradius-Users mailing list