Usually in EAP-TLS, the server sends the client its cert, and then the client sends the server its cert.
We have revoked a certificate for a client, and it is working fine. The client cannot log onto the network.
Thing is, in the packet capture of the EAP-TLS handshake, the client never attempts to send the server its certificate.
It's almost as if, when the server sends the client its cert, it tells the client not to bother sending its cert to the server as the server knows it is revoked and has communicated this to the client.
Could it have something to do with the EAP-Identity response from the client to the server in the initial EAP-TLS session setup?
Does the server send to the client the contents of the CRL when the server sends the client its server certificate?
I do hope someone has seen the same :) There does not seem to be much documentation on the actual CRL process.
Many thx and kind regards,