Trust root or leaf certificate in 802.1x setup?


I am setting up 802.1x via wired or wireless (WPA2 Enterprise) connections in our office, backed by a OneLogin RADIUS server. The certificate is not self-signed, so it's not clear to me whether it's safe to import it into the Trusted Root CA store, but that seems to be the only way to enable certificate checking.

The certificate chain looks like this:

  • *.us.onelogin.com
  • RapidSSL SHA256 CA - G3
  • GeoTrust Global CA (already in the Windows Trusted Root CA store)

If I only enable the GeoTrust Global CA in the Protected EAP settings window, I still get a warning in Windows 10, as if no certificate checking was enabled ("Continue connecting? If you expect to find in this location, go ahead and connect. Otherwise, it may be a different network with the same name."). The warning does not show if I import the OneLogin certificate in the Trusted Root CA store and enable it in the EAP settings. The "Connect to these servers" field is set to radius.us.onelogin.com, so a MitM attack doesn't seem possible with just the actual GeoTrust root certificate enabled?

Is this expected behaviour? In this (unrelated) Lync support article, it is mentioned that the Trusted Root CA store should only store self-signed certificates (which makes sense), and could cause issues otherwise.
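To make the distinction between a trust anchor and a leaf concrete, here is an added example, not code from the original post and not OneLogin's or Microsoft's code. It builds a throwaway three-level chain shaped like the one listed above (self-signed root, intermediate CA, wildcard server leaf) and runs the same validation a supplicant performs. The CA names, the keys and the radius.us.onelogin.com server name are constructed for illustration. It shows that only the root passes the self-signed test a Trusted Root entry should pass, that the leaf validates against the root only when the intermediate is available to the client, that importing the leaf itself as an anchor also validates (but is then pinned to that one certificate and breaks at renewal), and that the server-name check holds regardless of which anchor is used.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a constructed three-level chain shaped like the one in the question.
// Names are assumptions for illustration; keys are throwaway.
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// mustCert issues tmpl under parent/parentKey; nil parentKey means self-signed.
func mustCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signer := parentKey
	if signer == nil {
		signer, parent = key, tmpl // self-signed: issuer == subject, own key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func caTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
}

// BuildChain creates root -> intermediate -> *.us.onelogin.com (constructed data).
func BuildChain() Chain {
	root, rootKey := mustCert(caTemplate(1, "Example Global CA"), nil, nil)
	inter, interKey := mustCert(caTemplate(2, "Example SHA256 CA - G3"), root, rootKey)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "*.us.onelogin.com"},
		DNSNames:     []string{"*.us.onelogin.com"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, _ := mustCert(leafTmpl, inter, interKey)
	return Chain{Root: root, Intermediate: inter, Leaf: leaf}
}

// IsSelfSigned is the check a certificate should pass before it goes into a
// Trusted Root store: issuer equals subject and it verifies under its own key.
func IsSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer) && c.CheckSignatureFrom(c) == nil
}

// ValidateServer mirrors the supplicant's check on the RADIUS server certificate:
// anchors are what the client trusts, presented are the extra certificates the
// server sends in the TLS handshake, serverName is the expected server name.
func ValidateServer(leaf *x509.Certificate, anchors, presented []*x509.Certificate, serverName string) error {
	roots := x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	inters := x509.NewCertPool()
	for _, p := range presented {
		inters.AddCert(p)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: serverName})
	return err
}

func main() {
	ch := BuildChain()
	srv := "radius.us.onelogin.com"
	rootOnly := []*x509.Certificate{ch.Root}
	withInter := []*x509.Certificate{ch.Intermediate}
	fmt.Println("root self-signed:", IsSelfSigned(ch.Root), " leaf self-signed:", IsSelfSigned(ch.Leaf))
	fmt.Println("root trusted, intermediate missing:", ValidateServer(ch.Leaf, rootOnly, nil, srv))
	fmt.Println("root trusted, intermediate presented:", ValidateServer(ch.Leaf, rootOnly, withInter, srv))
	fmt.Println("leaf imported as anchor:", ValidateServer(ch.Leaf, []*x509.Certificate{ch.Leaf}, nil, srv))
	fmt.Println("wrong server name:", ValidateServer(ch.Leaf, rootOnly, withInter, "radius.eu.onelogin.com"))
}
```

Run it with `go run`. Windows uses its own chain engine, so the wording of its errors differs, but the logic is the same: with only the root enabled, the client must be able to complete the chain through the intermediate, either because the server sends it or because it is already in the client's Intermediate Certification Authorities store. The `IsSelfSigned` check is the one to apply before importing anything into Trusted Root; the OneLogin leaf in the question would fail it.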
