Windows Phone CA verification debugging

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Mon Sep 16 10:22:39 CEST 2013


Hi,

>    encountering some issues with those (yet quite rare) people with Windows
>    Phone  8 (WP8) systems.
>    WP8 devices are yet able to connect without (any) CA or common name
>    verification, but seem
>    to fail when I let them check the CA by choosing it from the device' CA
>    store. (As usual), the client-side error message is not helpful at all (it
>    fails to connect without any error message).

we've had no problems with self-signed CA or with 3rd party CA and standard
RADIUS certificate BUT the certificate must have CRLDP (CRL distribution point)
URL defined. that can either be at CA level or RADIUS level - or both.

eg

crlDistributionPoints = URI:http://yoururl.here/ca.crl

in the server extensions.

the HEAD for 2.2.x and 3.x FreeRADIUS has the required change to the certificate
generating code for this if you want to check/validate/verify

alan


More information about the Freeradius-Users mailing list