On 01/20/2012 08:16 AM, Mark Holmes wrote:
Your problem is going to be>distributing the server cert to
the>clients NOT distributing client
Maybe I've missed something here, but why will he need to distribute
a cert to clients?
If you're using a private CA for signing the radius server certs, which
is generally cited as best practice because it provides belt & braces;
in the event a client does not learn & subsequently re-check the cert
CN, a public CA would allow an attacker to impersonate your SSID. A
private CA does not.
Some people (us included) choose to use a public CA and accept the risk,
in return for significantly easier deployment.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html