|
Posted by S. Pidgorny on May 23, 2008, 6:07 am
If you were Registered and logged in, you could reply and use other advanced thread options
You're right - the answer is resounding no. Certificate is public
information. It is presented to anybody requesting PEAP connection.
What you're looking for if protected private key. Use EAP-TLS instead of
PEAP, put the client certificate (along with private key) on a smart card
and that achieves the outlined goal.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Hi to all. This is my first post and my first step to the PKI
> knowledge.
> Someone have asked me if there is a way to make the Root Certificate
> not exportable so only the one who have installed this certificate in
> the machine can access via PEAP to the wifi network and in the same
> time the user cannot pass this certificate to another PC.
> A kind of security enanchement.
> Ok...i think i have the answer and it's NO, but to be honest I'm too
> new to this topic and I wont to be sure.
>
> Thank for your intrest and sorry for my bad english
| 
XML site map