Freeradius server setup with eap-tls but certificate is offered when joining. I never added CA certificate to end device but device will join after I trust the certificate. I thought that I had to add the CA for it to be able to trust the certificate. How can I prevent it from adding the device without the CA certificate? Am I doing this wrong or idea of how certificate authentication is supposed to work?
I followed this guide: https://wiki.alpinelinux.org/wiki/FreeRadius_EAP-TLS_configuration
I would like only devices with the proper certificate to be able to join the network.