Antti Mattila wrote:
Yes. Don't set the client to validate the server certificate. The server does not currently send its certificate to the client.
i think it's wrong.
The TLS "howto"s also say not to verify the server certificate.
yes, but only for testing.
Thank you! Very good to know. But how come in Ken Roser's Freeradius and XP supplicant on page 5 the picture is with Validate server certificate and it doesn't say anything about Freeradius not sending its certificate to the client. Should I email Roser to add that information?
no, because it's nonsense. in my case windows even asks if i want to accept an unknown server certificate which can not be validated, etc., just like with SSL & Web.
disabling server certificate validation lets you concentrate on the problem, that's all - for debugging. the final solution should imho verify the certificate because mututal authentication is extremely important.
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
