Blackberry disabled server certificates query

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Wed Feb 1 22:23:37 CET 2012


hi,

just to revisit this recent thread. Was at a site who were implementing
802.1X authentication and they noted the Blackberry issue - some devices
okay, others not... the FreeRADIUS server was configured to have the WHOLE
CA chain of certs (root, intermediate,server signer and server cert) in
the certificate_file entry in eap.conf and all of the blackberries tested
(os4 and os5 etc) then worked with 'check certificate' enabled. the devices
had the root CA on them but if the other certs werent delivered from the
server then the devices didnt want to authenticate - likely to be how
the chain is handled by the device - especially as they were very fussy about
what was in the CA store. 

alan



More information about the Freeradius-Users mailing list