I have freeradius 2.0.5 successfully authenticating 802.1x via MSChapV2. I am trying to use a signed SSL certificate, that is signed by a CA w/ a chained CA certificate (from ipsca.com) I assumed that using a CA signed cert would do away w/ the errors on connection from WPA2 / 802.1x client, but it seems I'm wrong, or I have requested the cert with the incorrect CN. Are there any instructions on using a valid SSL cert so that users are not prompted to verify the cert on first connection? I have looked at the README in the certs directory, and I tried a self signed cert, which gave the same error. -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3189@wayne.edu
Charles Plater wrote:
Are there any instructions on using a valid SSL cert so that users are not prompted to verify the cert on first connection?
The users need to load the certificate manually.
I have looked at the README in the certs directory, and I tried a self signed cert, which gave the same error.
You do NOT want to use certs signed by an existing CA. This can open your users to security problems. Alan DeKok.
On Oct 16, 2008, at 10:40 AM, Alan DeKok wrote:
Charles Plater wrote:
Are there any instructions on using a valid SSL cert so that users are not prompted to verify the cert on first connection?
The users need to load the certificate manually.
I have looked at the README in the certs directory, and I tried a self signed cert, which gave the same error.
You do NOT want to use certs signed by an existing CA. This can open your users to security problems.
Thanks for the info. Is it safe to distribute the ca.der file via a web server? -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3189@wayne.edu
participants (2)
-
Alan DeKok -
Charles Plater