Trusted CA, Signed Certs and Verification
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 4 09:37:49 CEST 2014
On 03/04/14 23:59, Sam Fakhreddine wrote:
> Hello,
>
> I have been trying to use a Trusted CA to sign our freeradius server.
>
> The certificates are installed, the key, cert, the root chain all in
> their appropriate PEM files.
>
> The devices try to get the certificate that we specify; However,
> whenever we try to connect with an iOS device or Windows we get an error
> saying that the identity cannot be verified.et
Do you get an error, or a prompt to trust the root for that connection?
If you get an error, you've done something wrong. Either not installed
the root at the client correctly, or not served the server and all
intermediate certs from FreeRADIUS. I guess it's also possible the
server cert is not valid wireless i.e. lacks the magic OIDs. See here:
http://wiki.freeradius.org/config/Certificates
If you get a prompt to trust the root, that's normal and can only be
worked around by further telling the client in advance that the specific
root is trusted for the specific connection.
More information about the Freeradius-Users
mailing list