Hi Charles,

The experience we have here is iOS devices, and apparently, the iPhone more than the iPad are very picky with certificates. Recent OSX versions seem to very a little more picky too. We used to have a lot of strange errors before we fixed our certtificates.

Your certificate on the RADIUS side has to be carefully built to include any extra certificates if you are using an intermediate root certificate. I also maybe stating the obvious, however if you are using self signed certificates it is a must to install the root certificate in the client devices. I advise, for Windows and iOS devices, to build profiles. 

Regards,
Rui Ribeiro
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434



Message: 1
Date: Tue, 8 Jul 2014 15:32:27 -0400
From: Charles Plater <ab3189@wayne.edu>
To: freeradius-users@lists.freeradius.org
Subject: SSL Certificate Question
Message-ID: <6271539D-6C15-4B9A-A71F-F4A72F1B3EAB@wayne.edu>
Content-Type: text/plain; charset=windows-1252

Many moons ago, i set up a FreeRadius server as part of our 802.1x / WPA project. At that time, I asked this list about using a commercially signed SSL certificate as opposed to a self signed certificate. I?m not sure I understood all of the reasons, but I was advised by another member of this list to use a self signed certificate. Fast forward 6 years to today, and our management is convinced that problems we are seeing w/ clients having problems connecting are related to the self signed SSL certificate. Could someone please describe to me the reasoning behind using a self signed certificate with on with FreeRadius? What kinds of problems / vulnerabilities will we be exposed to if we use a commercially signed (DigiCert) SSL certificate?

Many thanks in advance.

--
Charles Plater
Lead Application Technical Analyst
Internet Services
+1-313-577-4620
ab3189@wayne.edu