On 12/21/2010 10:22 AM, Julian Labus wrote:
Yes, I was talking about the TLS public certificate, sorry for leaving this out. The reason for that is that you only have the ability to connect to the hotspot if you have manually installed the public cert on your client before connecting.
No, I think you're confused. Perhaps you're referring to the trusted CA cert used to sign your public server cert. The CA which signed your server cert has to be installed as a trusted CA on the client (or resolve to one via a cert chain).
Generally you don't want clients to install trusted CA certs. Therefore your server cert must be signed by a CA which is normally trusted and hence previously installed. Usually that means a commercial CA which you pay to sign your server cert.
-- John Dennis <[email protected]>
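The chain check described in the reply above, as an added example that is not part of the original thread: a server cert validates only when the client trusts the CA that signed it. All file names and subject names are constructed for the demo, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: every name and subject below is made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA: $1 = file prefix, $2 = subject CN.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Issue a server cert: $1 = file prefix, $2 = CN, $3 = prefix of the signing CA.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$1.csr" -days 1 \
        -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" -CAcreateserial \
        -out "$WORK/$1.pem" 2>/dev/null
}

# The client-side decision: accept the server cert only if it chains to a
# CA the client trusts. $1 = prefix of the trusted CA, $2 = server cert prefix.
client_trusts() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" 2>/dev/null \
        | grep -q ': OK$'
}

make_ca signing_ca "Constructed Signing CA"
make_ca other_ca "Constructed Unrelated CA"
make_server_cert radius "radius.example.test" signing_ca

# Client has the signing CA installed as a trust anchor.
if client_trusts signing_ca radius; then
    echo "client trusts signing CA: server cert accepted"
fi

# Client trusts some other CA only, so the chain cannot be built.
if ! client_trusts other_ca radius; then
    echo "client trusts only an unrelated CA: server cert rejected"
fi
```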

