Hello,
The certificate is actually issued from a subCA. What do I have to consider when installing the cert, key and cacert in the FreeRadius server? Does the ca certificate need to be concatenated from the rootCA and also the subCA? What do I need to consider when it comes to installing the cacert to the clients (iOS, Android, Windows 7+, Linux, OS X). Does the certificate be a catted cert from the rootca cert and the subca cert? I there anything else I need to consider? We're using TinyCA 0.7.5.
For client-side setup, you should give the last section of http://freeradius.org/enterprise-wifi.html a read. This is linked from the start page! https://802.1x-config.org is free and easy. Regarding intermediates, you either need to send them during the EAP conversation (server sends every time) or you need to install them together with the root CA cert on the clients. The latter option will leave all BYOD devices which don't get your config with a broken chain, so that's usually not recommended. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66