cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: A.L.M.Buxey AT lboro.ac.uk
- To: Aaron Wyatt <wyattaa AT bc.edu>
- Cc: Tomasz Wolniewicz <twoln AT umk.pl>, Aaron Wyatt <aaron.wyatt AT bc.edu>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT
- Date: Wed, 1 Feb 2017 12:04:12 +0000
Hi,
> I'm confused, how can you expect your client supplicants to trust a
> RADIUS
> server they know nothing about?
its quite easy.
the client is configured (eg by eduroamCAT or any other deployment tool....or
by hand
if really need to) to trust a CA (and a server commonname)
the RADIUS server that is at the other end of the 802.1X authentication
provides
its cert (and intermediates) to the client.
using the intermediates, the client is able to build a train of trust to that
of the server
so it can trust the server - its signed by the known/selected CA and has the
commonname
expected too.
this is how x509 works...its how HTTPS etc work too.... though in that world,
public certificate
companies pay OS vendors etc to ensure their CAs are installed so when users
browse sites
that are signed by those CAs it works.
alan
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Aaron Wyatt, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, A . L . M . Buxey, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Stefan Winter, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Aaron Wyatt, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Stefan Winter, 02/01/2017
- Re: [[cat-users]] Custom EAP Settings for Windows 7/10 CAT, Aaron Wyatt, 02/01/2017
Archive powered by MHonArc 2.6.19.