On windows machines we get a prompt saying that "Windows Cannot Verify the server's identity". On iOS when you view the certificate it says: "Not Verified" This is confusing because we use a global CA Root (Digicert) that *is* already installed on all devices. Is the prompt normal even when using a Global CA Root that is installed on devices? Sam Fakhreddine p 780-395-5455 |-----Original Message----- |From: freeradius-users-bounces+sam.fakhreddine=ledcor.com@lists.freeradius.org |[mailto:freeradius-users- |bounces+sam.fakhreddine=ledcor.com@lists.freeradius.org] On Behalf Of Phil |Mayers |Sent: Friday, April 04, 2014 1:38 AM |To: freeradius-users@lists.freeradius.org |Subject: Re: Trusted CA, Signed Certs and Verification | |On 03/04/14 23:59, Sam Fakhreddine wrote: |> Hello, |> |> I have been trying to use a Trusted CA to sign our freeradius server. |> |> The certificates are installed, the key, cert, the root chain all in |> their appropriate PEM files. |> |> The devices try to get the certificate that we specify; However, |> whenever we try to connect with an iOS device or Windows we get an |> error saying that the identity cannot be verified.et | |Do you get an error, or a prompt to trust the root for that connection? | |If you get an error, you've done something wrong. Either not installed the root at the |client correctly, or not served the server and all intermediate certs from |FreeRADIUS. I guess it's also possible the server cert is not valid wireless i.e. lacks |the magic OIDs. See here: | |http://wiki.freeradius.org/config/Certificates | |If you get a prompt to trust the root, that's normal and can only be worked around |by further telling the client in advance that the specific root is trusted for the |specific connection. |- |List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html