EAP-TLS and OS X clients

Jaap Winius jwinius at umrk.nl
Sun Feb 17 20:30:46 CET 2013

Hi folks,

My WPA2-Enterprise configuration with Freeradius 2.1.0, EAP-TLS and  
4096-bit SHA-1 certificates works great with wpaspplicant on Linux,  
but can anyone help me understand how to get this to work for OS X  
(Lion) clients?

My Linux client uses a copy of the ca.pem file to establish the link  
(after which PAP is used to authenticate), but although the same  
ca.pem file can be imported into the OS X client's keychain, this  
certificate never shows up as a selectable identity when configuring  
EAP-TLS wireless access, like in this case (bottom of the page):


In this example, the users are given a personalized *.cer certificate  
to add to their keychain. Since I don't have any client.cer files, I  
tried this approach with a client.csr file instead, which seemed  
personalized enough, but still I run into the same roadblock.

Can anyone say what I should be doing differently? E.g. are *.cer  
certificates mandatory (if so, how can I make them?), or can I not use  
my self-signed certificates?



More information about the Freeradius-Users mailing list