On Wed, Jun 22, 2016 at 10:44 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Jun 22, 2016, at 1:16 PM, Michael Martinez <mwtzzz@gmail.com> wrote: That's not *quite* what it says:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/iOS-OSX-Secu...
... It turns out that if you use a ClearPass-signed RADIUS certificate and you do not specify https as the certificate type when you sign the CSR, ...
I haven't seen any problems with iOS.
My guess is that you created a server certifcate without the xpextensions file. i.e. printing a *good* certificate gets me:
... X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: URI:http://www.example.com/example_ca.crl ...
Your server certificate is probably missing those extensions.
I'm using the Makefile which is included in the freeradius/examples/certs folder, and it already includes xpextensions. Here's what I see when I double-check my server.crt: X509v3 extensions: X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 CRL Distribution Points: Full Name: URI:http://www.example.com/example_ca.crl Any other thoughts or suggestions?