Hi So long as ios has the ca and intermediate then it can trust your server cert. If it doesn't have the intermediate but has the root CA, then you can send intermediate along with the server cert. However, for trust, you need to ensure that ios knows to trust that server. Hence it asks you about things... fingerprint etc To avoid this, and best practice is to configure the ios device with a network profile. Usually done with eg MDM software alan On Thu, 3 Dec 2020, 21:02 Igor Sousa, <igorvolt@gmail.com> wrote:
Hi, My institution generated our server certificate by GlobalSign, but we received a server certificate signed by an intermediate issuer, an intermediate issuer. We receveid the server, intermediate and root certificates files.
I created a bundle with intermediate and root certificates, in this order an. I configured the /etc/freeradius/mods-enabled/eap as below: private_key_file = <path for server private key that I created> certificate_file = <new path for server.pem received from GlobalSign> ca_file = <path to ca.bundle obtained by cat intermediate.pem >> ca.bundle and cat root.pem >> ca.bundle>
I run freeradius service with no issues as well as Android validates server certificate. When I tested the iOS connection the device showed me the server certificate as Not Trusted. I verified server certificate information and it is correct. If I click on the Trust button on the device screen, I can authenticate on Freeradius server with no issues.
Is this behavior right? Doesn't iOS trust in server certificate signed by an intermediate chain?
-- Igor Sousa - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html