meta data for this page
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
network:wifi:wpae:cert [2023/07/05 09:53] niziak |
network:wifi:wpae:cert [2023/07/05 10:35] (current) niziak |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| Certificate Compatibility]] | Certificate Compatibility]] | ||
| * [[https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap#server-certificate-requirements]] | * [[https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/certificate-requirements-eap-tls-peap#server-certificate-requirements]] | ||
| + | * [[https://wiki.geant.org/display/H2eduroam/EAP+Server+Certificate+considerations|EAP Server Certificate considerations]] | ||
| + | * [[https://www.wi-fi.org/download.php?file=/sites/default/files/private/WPA3%20Specification%20v3.1.pdf|WPA3 Specification]] | ||
| + | * [[https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration]] | ||
| ===== Summary ===== | ===== Summary ===== | ||
| * Windows client requirements: | * Windows client requirements: | ||
| - | * Server Authentication OID = ''1.3.6.1.5.5.7.3.1'' | + | * Must contains OID = ''1.3.6.1.5.5.7.3.1'' (TLS Web Server Authentication) |
| * The name in the ''Subject'' line of the server certificate matches the name that's configured on the client for the connection. | * The name in the ''Subject'' line of the server certificate matches the name that's configured on the client for the connection. | ||
| * For wireless clients, the ''Subject Alternative Name SubjectAltName)'' extension contains the server's fully qualified domain name (FQDN). | * For wireless clients, the ''Subject Alternative Name SubjectAltName)'' extension contains the server's fully qualified domain name (FQDN). | ||