Trusted CA, Signed Certs and Verification

Phil Mayers p.mayers at imperial.ac.uk
Fri Apr 4 09:37:49 CEST 2014


On 03/04/14 23:59, Sam Fakhreddine wrote:
> Hello,
>
> I have been trying to use a Trusted CA to sign our freeradius server.
>
> The certificates are installed, the key, cert, the root chain all in
> their appropriate PEM files.
>
> The devices try to get the certificate that we specify; However,
> whenever we try to connect with an iOS device or Windows we get an error
> saying that the identity cannot be verified.et

Do you get an error, or a prompt to trust the root for that connection?

If you get an error, you've done something wrong. Either not installed 
the root at the client correctly, or not served the server and all 
intermediate certs from FreeRADIUS. I guess it's also possible the 
server cert is not valid wireless i.e. lacks the magic OIDs. See here:

http://wiki.freeradius.org/config/Certificates

If you get a prompt to trust the root, that's normal and can only be 
worked around by further telling the client in advance that the specific 
root is trusted for the specific connection.


More information about the Freeradius-Users mailing list