Hi, > Hello everyone. > Im trying to understand how the certificates work in Freeradius. > Last time I asked about why I need to install a root certificate on all the > windows clients I got the answer that it is because PEAP works that way. But > when I read about it on other sites it says that EAP-TTLS and PEAP was > created so that you wont need client-side certificates?
client-side certificate means a specific cert for the client..not the root CA. you need a root CA installed because thats that the RADIUS server has been signed with. if you've used a CA to sign the RADIUS cert that is commonly in the client you wont need to install the CA...but eg self-signed CA will need to be installed. > The PEAP0 I want to use is EAP-MSCHAPv2 since that one should not require > client-side certificates if I have understood it correctly. RADIUS server signed by CA CA needs to be on the client if you want to really trust/verify the cert alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
