PEAP - Intermediate CA
Alan DeKok
aland at deployingradius.com
Tue May 12 09:31:47 CEST 2009
CJ O wrote:
> I am having an issue where FreeRadius is not handing the intermediate CA
> to a Windows WPA2 client. We are in the process of deploying WPA2/AES
> with PEAP. So we purchased a certificate from a company that has a
> Trusted Root CA in Windows, Mac OSX, and Linux. However, it was signed
> with their intermediate CA, so the OS will not validate the certificate
> during authentication.
So long as the CA chain is intact, this should work.
> The only solution seems to be installing the intermediate CA certificate
> on all my clients (2,000-3,000). Is it possible to chain the
> certificates together like you can in Apache?
Yes. But you need to install the CA chain on the RADIUS server. See
eap.conf:
    # If CA_file (below) is not used, then the
    # certificate_file below MUST include not
    # only the server certificate, but ALSO all
    # of the CA certificates used to sign the
    # server certificate.
    certificate_file = ${certdir}/server.pem
Odds are you didn't include the intermediate certificates in the
RADIUS configuration.
Alan DeKok.
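
A way to check the point made in the reply, as an added example that is not part of the original message or of FreeRADIUS: a Python script that reads the PEM file named by certificate_file and reports when the server certificate is not followed by the CA certificates that issued it. It compares issuer and subject names byte for byte and does not verify signatures; all function names are hypothetical.

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(text)]

def tlv(buf, off):
    """Parse one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, off, off + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, off, _ = tlv(der, 0)                # Certificate SEQUENCE
    _, off, _ = tlv(der, off)              # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, off)
    if tag == 0xA0:                        # skip the optional [0] version field
        off = end
    fields = []
    for _ in range(5):                     # serial, sigAlg, issuer, validity, subject
        _, _, end = tlv(der, off)
        fields.append(der[off:end])
        off = end
    return fields[2], fields[4]

def check_bundle(text):
    """List problems in a certificate_file bundle; an empty list means the chain links up."""
    names = [issuer_subject(d) for d in pem_certs(text)]
    if not names:
        return ["no certificates found"]
    problems = []
    if len(names) == 1 and names[0][0] != names[0][1]:
        problems.append("only the server certificate is present; "
                        "the CA certificates that signed it are missing")
    for i in range(len(names) - 1):        # each certificate must be issued by the next one
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} was not issued by certificate {i + 2}")
    return problems

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:          # e.g. the file named by certificate_file
        print("\n".join(check_bundle(fh.read())) or "chain order looks intact")
```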