Question: which 3rd party CA for EAP
stefan.winter at restena.lu
Mon Apr 30 13:15:12 CEST 2012
> We are trying to set up EAP for different mobile devices. We don't need
> certificates for each user, we want to authorize against the RADIUS with
> username and password only.
> With self-signed certificates it's working if the mobile devices install
> the root CA certificate.
> We tried several 3rd party certificates: StartSSL, united ssl, godaddy,
> test certificates from thawte.
> Apple and windows clients are claiming, that the certificate is not
> Has anybody a working solution with 3rd party certificates and can tell
> us which certificate could be used and what needs to be configured in
You should be aware that the "trusted" status of a CA is completely
independent in browsers vs. for EAP.
Browsers have a (large|too large) set of CAs which they consider trusted.
EAP supplicants typically trust NO CA unless explicitly configured to.
In the Windows case, the supplicant will trust the 3rd party certs just
fine as soon as you open the EAP properties and check the box of that CA.
So, very often you will require extra manual/scripted configuration
whether you use a self-signed CA or not; merely the actual import of the
certificate file can be omitted if the CA is shipped.
I.e. you don't gain a lot, and spend more money when using a "trusted"
CA, so in the vast majority of cases, it is the wiser way to use a
> Kind Regards
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
Tel: +352 424409 1
Fax: +352 422473