> From wikipedia, "PEAP is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated Transport Layer Security (TLS) tunnel."
> TLS always need a certificate. >> There is nothing checked if you don't check the checkbox 'check certificate'. > It doesn't CHECK for the certificate common name (CN) or certificate authority (CA), but it still uses the server certicate to create the TLS tunnel. >> Actually the existing certificates in the certs subdirectory could be deleted but the authentification would work? > It would, if you DON'T use PEAP. If you ONLY use PAP or MSCHAPv2, then you don't need certificates. But it would work with the standard certificates given in the certs subdirectory. There is no security improveness by creating new certificates and using them for PEAP-EAP-MSCHAPv2 when you don't check them. Best Regards Sebastian Heinrich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
