802.1x with GoDaddy Certificates EAP-TTLS
Alan DeKok
aland at deployingradius.com
Thu Jun 29 14:58:33 UTC 2023
On Jun 29, 2023, at 10:53 AM, Torsten Wilms <T.Wilms at m3connect.de> wrote:
> Ok. But we use a GoDaddy G2 certificate. And the supplicant must have the root CA
No.
> , because if not, the device would not to be able to validate any GoDaddy certificate in the browser ssl connection. Or am I thinking wrong?
"browser" != "supplicant"
While they both run on the same device, they are different pieces of software, with different configurations.
If you look for documentation on 802.1X and EAP, *everything* will tell you that you need to configure the root CA for EAP. This is how it works.
The reasons are complicated and unimportant here. All that is important is that the root CAs used for the web are *not* automatically used for EAP. And there are very good reasons for that.
Alan DeKok.
More information about the Freeradius-Users
mailing list