Alan DeKok wrote:
Aaron Mahler wrote:
It is issued by GoDaddy and does trace back to a valid root cert that I've found exists by default on my OS X systems.
This isn't a good idea for RADIUS systems. It means that the 802.1X clients will happily hand their credentials to *anyone* who has a root signed certificate.
For RADIUS and EAP, you should use self-signed certificates.
When handed to clients via Radius for 802.1x authentication, though, it's declared as untrusted during the sign-on process.
That's a Mac thing...
Mac OSX doesn't trust any Root CAs by default, even if they're preinstalled on the machine.
[snip]
We'll be serving a large enough user base here that the certificate trust warnings are going to be a HUGE support headache. I need it to be seamless for the end user.
It's not really that hard... But if you really think you're going to have a problem, check out one of the dissolvable autoconfiguration clients like cloudpath. Arran