On Nov 24, 2020, at 8:32 AM, Mesut Ozturk <mesut@nevotek.com> wrote:
I am creating a passpoint.config file for android devices and adding trust root CA certificate to profile. So yes Wifi profile has CA.
Well, the "unknown CA" message is pretty clear.
I am using GlobalSign Trusted Root certificate both on android clients and freeradius. On freeradies what i did in tls config :
Where did you get the *server* certificate from?
tls-config tls-common {
ca_file = /etc/freeradius/3.0/certs/trustrootg2.pem
}
"trustrootg2.pem" is the certificate which i said GlobalSign Trusted Root certificate.
That's nice. It doesn't help. Where did you get the *server* certificate from?
Also when i try with an ios device ,it does not give a CA error, but still dont Proxy to my home Radius.
My $0.02 is to fix one problem at a time. But... that debug output doesn't show anything useful. Why post *part* of the debug output, when you can post *all* of it? If you don't know how to read the debug output, there's documentation for that: http://wiki.freeradius.org/radius-X And if you don't know how to read the debug output, you *definitely* shouldn't be editing it. You have no idea what's important, and what isn't important. Something you deleted is very likely the thing we need to help you. Alan DeKok.