On May 27, 2015, at 11:13 AM, Ben Humpert <ben@an3k.de> wrote:
The client certificate is signed by the same CA (Signing CA) that also signed the server certificate. If I specify the Signing CA cert in ca_file and try to connect with Android (with the Signing CA cert specified) I get the 'unknown CA' error. If I disable ca certificate in Android I get
Errors. Test it with eapol_test. Odds are it will work. Then ask Android why their supplicant doesn't work.
In my raddb/certs directory I have the SigningCA.crt, the RootCA.crt, radius.crt (specified as certificate_file), radius.key (private_key_file) and ChainedCA.crt (ca_file).
That should be fine. But vendors are well known for brutally destroying protocols so that they don't work. Alan DeKok.