3rd-party certificates in FR3

[Alan DeKok]

On Sep 2, 2015, at 11:52 AM, Ivan Strelnikov <i.n.strelnikov at gmail.com> wrote:
> Please, comment if i were mistaken or not:
> I have intermediate ca certificate as ca.pem and private+device's scertificate as server.pem.
> Am i right or i should take whole chain to ca?
> device -> intermediate -> root ca?

  Read the "eap" module configuration.  This is all documented in the comments.

> The main problem is that the Apple devices in the wireless connecting dialog still writes "Untrusted" certificate.
> Even if my root ca is in white list of Apple.

  You have to add the certificate to a separate 802.1X list.

> So, i don't want to creates bundles of wi-fi profile to Apple or install my radius' certificate.
> I will appreciated if there is some opportunities to do so.

  You need to configure the client to accept the certificate.  There is NO WAY around this.

  Alan DeKok.