Problems with eap certificate and MacOS

Marco Scholl mail at marco-scholl.de
Wed Feb 15 13:51:12 CET 2017 

Hi,

i have resolve the problem by remove all certificate and some restart and a fresh installation.

thanks for support.

greets

> Am 15.02.2017 um 11:55 schrieb Adam Bishop <Adam.Bishop at jisc.ac.uk>:
> 
> On 15 Feb 2017, at 10:13, Marco Scholl <mail at marco-scholl.de> wrote:
>> Then i have installed our root ca as trusted for all type (eap, smime, webserver ....). When i now connect by wlan or cable to the freeradius,
>> i got an server certificate error. But when i open the dialog for confirmation, i see our root ca als trusted, i see the intermediate
>> as trustend and i see the radius certificate as trust!
> 
> This isn't really a FreeRADIUS question. You'll need to look in the OS logs to figure out why it's unhappy. Unless you've screwed up the certificate chain, or aren't sending the right certificates, there's probably nothing you can do on the FreeRADIUS side.
> 
> The mini-CA generated by FreeRADIUS does work out of the box, so if you're using that you've either broken the config, or the client is not working right.
> 
> Use 'openssl x509 -in cert.pem -noout -text' to compare the CA signed and your own certificate (and your root vs their root). Make sure you're using a sha256 hash, that the constraints are all correct, and the key usages are sensible. Make sure you've not set a path length shorter than your chain - things like that. 
> 
> Try removing all the certificates, rebooting and reconnecting. I've seen OS X get confused and try using credentials cached somewhere, but that have been removed from the keychain.
> 
> Regards,
> 
> Adam Bishop
> 
>  gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
> 
> jisc.ac.uk
> 
> Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
> 
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.  
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list