I mean, I can manually ask Linux to use the CA that I set, so I guess that's all right. For the iPhone, are there any instructions for how to make the proper certs via make client, etc. in the /etc/freeradius/certs directory? I thought the .p12 certs were made for mobile devices like the iPhone. If you're telling me to run some kind of mobileconfig command, I'm not sure what it is. On Mon, Sep 25, 2017 at 4:10 PM, Alan Buxey <alan.buxey@gmail.com> wrote:
use a mobileconfig provisin for the iOS device
for the Linux box - its set to be stupidly insecure by default, you need to configure the supplicant to only trust a particular CA (the joy of Linux is that unlike eg iOS/OSX/Windows et al) there isnt really a standard proper single CA location for all tools/OS to use - a few of them use the /etc/pki/ OpenSSL location, others use their own cert store.
alan
Hi all,
Trying to get the hang of this EAP-TLS thing on my iPhone. I did finally get a p12 cert working on my phone. But now when I connect, it asks me to trust a cert.
I've tried installing the ca.pem and the ca.der on my iPhone several times now, no luck.
Similarly, when I connect via Linux, I'm able to do so without showing my ca.pem. But Linux doesn't ask me to trust a cert--any clues what's going on?
Let me know if there are config file I can help you have?
CV!
-- "Do not speak, unless it improves on silence." -- Buddha - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On 25 September 2017 at 21:06, Chevalier Violet <chevalier.violet@gmail.com> wrote: - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
-- "Do not speak, unless it improves on silence." -- Buddha