Distributing root CA and client certificates

[bbzz]

Hi all,

I have a task of implementing 802.1x authentication in our network for about 150-200 clients. I've managed EAP-TLS authentication with certificates before but only for 5-10 wireless clients, so the client certificates were distributed "by hand", so to speak.

Right now I have all set up with freeradius, but I need to ask for advice how to distribute so many certificates while keeping my life sane. This is normally not in my job description so I haven't looked into this before. Keep in mind this is mostly Unix oriented network so no Windows servers allowed.

Thanks

 

[bbzz]

I'd really like to hear some ideas here, I'm sure there are people here who dealt with this before.
PEAP-MSCHAPv2 is also an option, with only root CA distribution. But then I still need to manage passwords for all users.

 

[bbzz]

Nobody ever dealt with this kind of issue?

Regards

 

[bbzz]

Hello, is there anybody in there? Just nod if you can hear me, is there anyone home?

 

[throAU]

I think you're in a very small group of users trying to push certs with a Unix box. I push certs on the enterprise via AD auto-deployment, and I suspect most enterprises do the same. Are your clients all Unix clients as well?