Walking through Managed IDP specifications, I noticed that we'll need to
provide certificates for use with EAP-TTLS in order to authenticate the
IDP to the supplicant.
This can either be done by having the portal operate a mini certificate
authority or by generating CSRs and having them sent off to a real CA
(JCS presumably).
The certificates and private keys will need to be stored centrally so
they can be loaded onto an instance if it is reconstructed.
--Sam