[RADIATOR] Radiator, WPA2, certificates and untrusted

A.L.M.Buxey at lboro.ac.uk
Wed Sep 2 02:45:18 CDT 2015


Hi,

>    Oh man!
> 
>    In other words it's a waste of good money to pay for a signed certificate.

For your own internal 802.1X (where you are only directly authenticating your own users,
and that includes e.g. eduroam) - yes. Best practice is to use a self-signed CA (you have the
same issues in getting the Root CA onto the clients, but there are tools, some free, for that
anyway).


For a public 802.1X system where any person wants to join, there are 2 arguments - ease of use
(go for a well-known public CA) or security - use a self-signed CA. I'd hope such a public 802.1X
system (and there are some out there now... and increasing due to e.g. HS2.0/Passpoint/802.11u) would
have some configuration system/tool, and they should use a self-signed CA - any $0.01 script kiddie can
get a cert from a well-known CA for some $$ and fake your AP/network :/


alan
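
Added example, not part of the original post or of Radiator's documentation: two alternative wpa_supplicant network blocks showing what the trust-anchor choice discussed above looks like on a client. The SSID, identities, server name and private CA path are hypothetical; the bundle path is the usual Debian/Ubuntu location.

```conf
# Alternatives shown for comparison. Keep only the second block in a real file.

# WEAK: trust anchor is the whole public CA bundle and no server name is
# checked, so a server certificate issued by any CA in the bundle is accepted.
network={
    ssid="example-corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="REPLACE_ME"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
}

# HARDENED: trust anchor is only the organisation's own (self-signed) CA,
# distributed to clients by a provisioning tool, and the RADIUS server name
# in the certificate must match as well.
network={
    ssid="example-corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    # Outer identity sent before the TLS tunnel is up (hypothetical value)
    anonymous_identity="anonymous@example.org"
    identity="user@example.org"
    password="REPLACE_ME"
    phase2="auth=MSCHAPV2"
    # Hypothetical path to the private root CA certificate (PEM)
    ca_cert="/etc/wpa_supplicant/example-org-radius-ca.pem"
    # Hypothetical RADIUS server name, checked against the certificate's
    # dNSName entries
    domain_suffix_match="radius.example.org"
}
```

With the second block the client rejects any server certificate that does not chain to the private root, whichever public CA issued it.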

