3rd-party certificates in FR3
Hello everyone! I'm using freeradius 3.0.9. And i want to realize next scheme: cisco wlc wi-fi -> freeradius -> mysql db. It's all ok with db, i just want to clear out the messages to end user about radius certificate. So, i want use a certificate, which root ca will be in apple\android's certificate stores. Maybe geotrust, maybe other. I didn't find how it should to install and i need help here. Thank you. tl;dr I need a cookbook how to setup chained certificate from other trusted root CA. -- BW, Ivan.
On Sep 1, 2015, at 5:59 PM, Иван Стрельников <i.n.strelnikov@gmail.com> wrote:
And i want to realize next scheme: cisco wlc wi-fi -> freeradius -> mysql db. It's all ok with db, i just want to clear out the messages to end user about radius certificate. So, i want use a certificate, which root ca will be in apple\android's certificate stores. Maybe geotrust, maybe other. I didn't find how it should to install and i need help here.
The certificates are just files on disk. Change them. Alan DeKok.
Thank you for the answer, Alan! Please, comment if i were mistaken or not: I have intermediate ca certificate as ca.pem and private+device's scertificate as server.pem. Am i right or i should take whole chain to ca? device -> intermediate -> root ca? The main problem is that the Apple devices in the wireless connecting dialog still writes "Untrusted" certificate. Even if my root ca is in white list of Apple. So, i don't want to creates bundles of wi-fi profile to Apple or install my radius' certificate. I will appreciated if there is some opportunities to do so. Thank you. 02.09.2015 1:32, Alan DeKok пишет:
On Sep 1, 2015, at 5:59 PM, Иван Стрельников <i.n.strelnikov@gmail.com> wrote:
And i want to realize next scheme: cisco wlc wi-fi -> freeradius -> mysql db. It's all ok with db, i just want to clear out the messages to end user about radius certificate. So, i want use a certificate, which root ca will be in apple\android's certificate stores. Maybe geotrust, maybe other. I didn't find how it should to install and i need help here. The certificates are just files on disk. Change them.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Sep 2, 2015, at 11:52 AM, Ivan Strelnikov <i.n.strelnikov@gmail.com> wrote:
Please, comment if i were mistaken or not: I have intermediate ca certificate as ca.pem and private+device's scertificate as server.pem. Am i right or i should take whole chain to ca? device -> intermediate -> root ca?
Read the "eap" module configuration. This is all documented in the comments.
The main problem is that the Apple devices in the wireless connecting dialog still writes "Untrusted" certificate. Even if my root ca is in white list of Apple.
You have to add the certificate to a separate 802.1X list.
So, i don't want to creates bundles of wi-fi profile to Apple or install my radius' certificate. I will appreciated if there is some opportunities to do so.
You need to configure the client to accept the certificate. There is NO WAY around this. Alan DeKok.
participants (3)
-
Alan DeKok -
Ivan Strelnikov -
Иван Стрельников