EAP SSL Cert "Not Trusted"
Cappalli, Tim (Aruba Security)
timc at hpe.com
Wed Jun 14 21:35:17 CEST 2017
You will receive the prompt the first time a new device connects to that SSID. You should really pre-configure the clients or you’re putting the user’s credentials at risk.
On 6/14/17, 11:39 AM, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+timc=hpe.com at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:
On Jun 14, 2017, at 11:19 AM, Trevor Jennings <Trevor at simple101.com> wrote:
>
> We are using Thawte which Apple devices already trust (These are more
> common devices on our network).
Do not use public CA certs for WiFi authentication. It's insecure.
And no, the Apple devices do NOT already trust the Thawte cert for WiFi authentication. They trust the Thawte cert for web surfing, which is entirely different.
You need to have a mobileconfig which tells each device what the SSID is, what EAP method to use, and what CA to use.
> Are you referring to configuration profiles that are set up on the clients?
Yes. You need to configure each device as I said above.
In order to get EAP working, follow the guide at:
http://deployingradius.com/documents/configuration/eap.html
It WILL work.
And yes, it involves creating your own certificates, and also installing the certificates on the clients.
Alan DeKok.
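The profile described in the thread (SSID, EAP method, trusted CA) can be generated and checked with a short script. This is an added example, not code from the thread or from the FreeRADIUS project; it uses Apple's configuration profile keys, and the PEAP choice, the `org_id` default and the function names are assumptions made for illustration.

```python
import plistlib
import uuid

EAP_PEAP = 25  # IANA EAP type number for PEAP (assumed method; the thread names none)

def _payload(ptype, ident, name, **keys):
    # Fields that every payload dictionary in a configuration profile carries.
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name, **keys}

def build_wifi_profile(ssid, ca_der, server_names, org_id="com.example.wifi"):
    """Return .mobileconfig bytes that fix the SSID, EAP method and trusted CA."""
    if not ca_der or not server_names:
        raise ValueError("a CA certificate and at least one server name are required")
    ca = _payload("com.apple.security.root", org_id + ".ca", "RADIUS CA",
                  PayloadContent=bytes(ca_der))
    eap = {"AcceptEAPTypes": [EAP_PEAP],
           "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]],  # trust only this CA
           "TLSTrustedServerNames": list(server_names),
           "TLSAllowTrustExceptions": False}  # user cannot accept an unknown cert
    wifi = _payload("com.apple.wifi.managed", org_id + ".ssid", ssid, SSID_STR=ssid,
                    HIDDEN_NETWORK=False, AutoJoin=True, EncryptionType="WPA2",
                    EAPClientConfiguration=eap)
    top = _payload("Configuration", org_id, "Wi-Fi: " + ssid, PayloadContent=[ca, wifi])
    return plistlib.dumps(top)

def audit_wifi_profile(profile_bytes):
    """Return (ssid, finding) pairs for Wi-Fi payloads that leave trust to the user."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    certs = {p.get("PayloadUUID") for p in payloads
             if p.get("PayloadType") in ("com.apple.security.root",
                                         "com.apple.security.pkcs1")}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid, eap = p.get("SSID_STR"), p.get("EAPClientConfiguration", {})
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append((ssid, "no CA anchor"))
        elif not set(anchors) <= certs:
            findings.append((ssid, "anchor not in profile"))
        if not eap.get("TLSTrustedServerNames"):
            findings.append((ssid, "no trusted server names"))
        if eap.get("TLSAllowTrustExceptions") is not False:  # strict: must be explicit
            findings.append((ssid, "trust exceptions not disabled"))
    return findings
```

Pass the DER bytes of your own CA certificate as `ca_der`; running `audit_wifi_profile` over an existing profile shows whether it would still let a device prompt the user about the server certificate.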