oh Thanks. I think certificate in web server (ssl) could be used in radius. but , i look at in android settings, in privacy and security, there is list of trusted root CA installed. This CA is for browser or for eap ? Thanks. Regards Johan On Thu, Jun 29, 2023 at 9:59 PM Alan DeKok <aland@deployingradius.com> wrote:
On Jun 29, 2023, at 10:53 AM, Torsten Wilms <T.Wilms@m3connect.de> wrote:
Ok. But we use a GoDaddy G2 certificate. And the supplicant must have the root CA
No.
, because if not, the device would not to be able to validate any GoDaddy certificate in the browser ssl connection. Or am I thinking wrong?
"browser" != "supplicant"
While they both run on the same device, they are different pieces of software, with different configurations.
If you look for documentation on 802.1X and EAP, *everything* will tell you that you need to configure the root CA for EAP. This is how it works.
The reasons are complicated and unimportant here. All that is important is that the root CAs used for the web are *not* automatically used for EAP. And there are very good reasons for that.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html