SSL Certificate Question (Charles Plater) was Re: Freeradius-Users Digest, Vol 111, Issue 19
Hi Charles, The experience we have here is iOS devices, and apparently, the iPhone more than the iPad are very picky with certificates. Recent OSX versions seem to very a little more picky too. We used to have a lot of strange errors before we fixed our certtificates. Your certificate on the RADIUS side has to be carefully built to include any extra certificates if you are using an intermediate root certificate. I also maybe stating the obvious, however if you are using self signed certificates it is a must to install the root certificate in the client devices. I advise, for Windows and iOS devices, to build profiles. Regards, Rui Ribeiro https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
Message: 1 Date: Tue, 8 Jul 2014 15:32:27 -0400 From: Charles Plater <ab3189@wayne.edu> To: freeradius-users@lists.freeradius.org Subject: SSL Certificate Question Message-ID: <6271539D-6C15-4B9A-A71F-F4A72F1B3EAB@wayne.edu> Content-Type: text/plain; charset=windows-1252
Many moons ago, i set up a FreeRadius server as part of our 802.1x / WPA project. At that time, I asked this list about using a commercially signed SSL certificate as opposed to a self signed certificate. I?m not sure I understood all of the reasons, but I was advised by another member of this list to use a self signed certificate. Fast forward 6 years to today, and our management is convinced that problems we are seeing w/ clients having problems connecting are related to the self signed SSL certificate. Could someone please describe to me the reasoning behind using a self signed certificate with on with FreeRadius? What kinds of problems / vulnerabilities will we be exposed to if we use a commercially signed (DigiCert) SSL certificate?
Many thanks in advance.
-- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3189@wayne.edu
participants (1)
-
Rui Ribeiro