On Wed, Jun 14, 2017 at 10:56:10AM -0400, Trevor Jennings wrote:
We have several freeradius servers with a valid certificate for EAP. When the clients first log in via wifi, they are presented with a certificate "Not Trusted" warning, even though that certificate is signed by a trusted CA. Is this the expected behavior?
Is this because we are missing a piece that is required by the client to trust this certificate?
Make sure the root CA for the server certificate is installed in the correct place on the client devices. Also, if they are running Windows, make sure you've also got the correct extension OIDs (e.g. TLS Web Server) in the server certificate. You shouldn't get a warning each time you connect or if you change the server certificate. -- Matthew