Hello, >>> To avoid the need of installing our CA certificate on every Windows >>> machine, we´ll buy the server certificate from a public CA.
Having the CA cert installed only does half of the job; for EAP configuration purposes, the CA must explicitly marked as trusted /for this EAP identity/. So you still need to tell users to set a checkbox besides that CA. The difference to importing the CA before that is not much more work; on Windows, it's a couple of clicks only. > If this is a usability issue, I recommend you look at dissolvable setup > clients like cloudpath, or investigate the various certificate/settings > bundles that things like iPhones support. And since he is from a university and likely his deployment is an eduroam one, you should also mention the dissolvable client setup tool "eduroam CAT", https://cat.eduroam.org , which is free and tailored to eduroam. It will install private CAs just as fine and automated as it does commercial CAs. Greetings, Stefan Winter > > Arran Cudbard-Bell <a.cudba...@freeradius.org> > FreeRADIUS Development Team > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html