EAP-TLS and OS X clients
Jaap Winius
jwinius at umrk.nl
Sun Feb 17 20:30:46 CET 2013
Hi folks,
My WPA2-Enterprise configuration with Freeradius 2.1.0, EAP-TLS and
4096-bit SHA-1 certificates works great with wpaspplicant on Linux,
but can anyone help me understand how to get this to work for OS X
(Lion) clients?
My Linux client uses a copy of the ca.pem file to establish the link
(after which PAP is used to authenticate), but although the same
ca.pem file can be imported into the OS X client's keychain, this
certificate never shows up as a selectable identity when configuring
EAP-TLS wireless access, like in this case (bottom of the page):
https://wiki.thayer.dartmouth.edu/display/computing/Configuring+an+OS+X+Mac+for+the+Dartmouth+Secure+Wireless+Network
In this example, the users are given a personalized *.cer certificate
to add to their keychain. Since I don't have any client.cer files, I
tried this approach with a client.csr file instead, which seemed
personalized enough, but still I run into the same roadblock.
Can anyone say what I should be doing differently? E.g. are *.cer
certificates mandatory (if so, how can I make them?), or can I not use
my self-signed certificates?
Thanks,
Jaap
More information about the Freeradius-Users
mailing list