Does this only apply if the supplicant uses a server cert during eap/tls?
The reason I ask, is that I'm using a client cert signed by my CA to do
eap/tls, and it's working. I have not implemented the server cert as of
yet.
-Bob
Alan DeKok wrote:
"Dave Huff" <[EMAIL PROTECTED]> wrote:
For EAP-TLS to work, the client certs have to be
signed by the server cert.
Signed by the server cert or by the CA cert? I have a CA that signed the
server and client certs, and the eap.conf file knows where server and CA
certs are.
If you're using 1.0.x, that won't work. It doesn't do certificate
chains. The client cert MUST be signed by the server cert. Using a
CA to sign them, both won't work.
I'm not even sure it will work in 1.1.0, to be honest.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
