EAP-TLS and OS X clients

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sun Feb 17 23:10:57 CET 2013


> https://wiki.thayer.dartmouth.edu/display/computing/Configuring+an+OS+X+Mac+for+the+Dartmouth+Secure+Wireless+Network
> In this example, the users are given a personalized *.cer
> certificate to add to their keychain. Since I don't have any
> client.cer files, I tried this approach with a client.csr file
> instead, which seemed personalized enough, but still I run into the
> same roadblock.
> Can anyone say what I should be doing differently? E.g. are *.cer
> certificates mandatory (if so, how can I make them?), or can I not
> use my self-signed certificates?

right....SSL cerst can be in various formats.  ones that are 'usable' depends
on the underlying code....but the useful types are usually PEM, DER (also known as
CER) and P12....these are all active certs

CSR is a certificate signing request file and isnt a valid cert for client use.

if you have one type you can easily convert it to any of the other formats
using 'openssl' on the command line of a Linux or OSX system - the command format
isnt trivial...but its fairly obvious, the man pages over it and there are MANY
web pages out there telling you how to do it.

under Linux, most of the network admin tools for WPA2/WPA enterprise are fairly limited
and fussy about certificates, how and where they are installed...on OSX you need to ensure
you have the CA installed - and TRUSTED!


More information about the Freeradius-Users mailing list