Let’s Encrypt is a certificate authority that generates TLS certificates automatically, and for free. It’s been great for web server administrators because it allows them to automate the process of requesting, receiving, installing, and renewing TLS certificates, taking the administrative overhead out of setting up a secure website. And did I mention it’s free and supported by allContinue reading “Use Let’s Encrypt Certificates with FreeRADIUS”
Tag Archives: 802.1X
Hardening TLS for WLAN 802.1X Authentication
This post outlines some configuration changes which can enhance the security of 802.1X EAP methods PEAP and EAP-TTLS, which use a temporary layer 2 TLS tunnel to protect a less secure inner authentication method. While EAP-TLS doesn’t create a full TLS tunnel, it does use a TLS handshake to provide keying material for the four-way handshake. It needs strong TLSContinue reading “Hardening TLS for WLAN 802.1X Authentication”
Configure FreeRADIUS with Different CA’s for PEAP and EAP-TLS
Many WLAN’s administrators purchase commercial SSL certificates for their RADIUS server to use for PEAP 802.1X authentication. The advantage of this approach is that a cert from a common commercial CA is likely to have its root CA cert already installed on all the clients accessing the network. Although many clients will still prompt the user to trust the server’sContinue reading “Configure FreeRADIUS with Different CA’s for PEAP and EAP-TLS”
Frame by Frame 