On Sun, Jan 31, 2010 at 12:09 PM, Mike Diggins <mike.digg...@mcmaster.ca> wrote:
>>> Why self signed versus CA signed? Ideally I would like my clients to not
>>> be questioned about the certificate at all. Is that even possible with WPA?
>>> If I purchase a CA signed cert, would that eliminate the requirement on the
>>> client to acknowledge the certificate or import it?
>>
>> It would also mean that anyone could go to the same CA, get a client
>> certificate and would be able to login to your wireless network. Not really
>> ideal IMHO ;)
> But I don't plan on distributing client certificates for authentication. I
> intend for them to login with a username and password checked against my
> Radius server, so I'm not sure what role the certificate plays in that
> process?

I think the recommendation made perfect sense when you require client certificates, like when deploying EAP/TLS. If you intend to use EAP as a secure tunnel only, and log in with user/password (like with PEAPv1/EAP-GTC), using a CA-signed cert might make more sense.

--
Fajar
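Added example, not part of the thread: the EAP/TLS concern quoted above, reproduced with openssl to show why the trust anchor for client certificates is normally a private CA. The CA and subject names (public-ca, campus-ca, outsider, student) are constructed, and `openssl verify` stands in here for the RADIUS server's client-certificate check.

```shell
#!/bin/sh
# Constructed demo: a server that trusts a CA accepts every certificate that
# CA has issued, whoever requested it.
set -e

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue DIR CA NAME: issue a certificate for NAME signed by CA.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# accepts DIR CA NAME: "accept" if NAME's certificate chains to CA, else "reject".
accepts() {
    if openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

# demo: one certificate from a CA anyone can buy from, checked against both
# trust anchors, plus a certificate the site issued itself.
demo() {
    d=$(mktemp -d)
    make_ca "$d" public-ca      # stands in for a commercial CA
    make_ca "$d" campus-ca      # stands in for the site's own CA
    issue "$d" public-ca outsider
    issue "$d" campus-ca student
    echo "public:$(accepts "$d" public-ca outsider)" \
         "private:$(accepts "$d" campus-ca outsider)" \
         "student:$(accepts "$d" campus-ca student)"
    rm -rf "$d"
}
```

With user/password inside the tunnel, as in the reply above, only the server presents a certificate, so this check runs on the client side against the server's certificate instead.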