Trusted CA, Signed Certs and Verification

[Sam Fakhreddine]

On windows machines we get a prompt saying that "Windows Cannot Verify the server's identity".
On iOS when you view the certificate it says: "Not Verified"

This is confusing because we use a global CA Root (Digicert) that *is* already installed on all devices.

Is the prompt normal even when using a Global CA Root that is installed on devices?

Sam Fakhreddine
p 780-395-5455 
|-----Original Message-----
|From: freeradius-users-bounces+sam.fakhreddine=ledcor.com at lists.freeradius.org
|[mailto:freeradius-users-
|bounces+sam.fakhreddine=ledcor.com at lists.freeradius.org] On Behalf Of Phil
|Mayers
|Sent: Friday, April 04, 2014 1:38 AM
|To: freeradius-users at lists.freeradius.org
|Subject: Re: Trusted CA, Signed Certs and Verification
|
|On 03/04/14 23:59, Sam Fakhreddine wrote:
|> Hello,
|>
|> I have been trying to use a Trusted CA to sign our freeradius server.
|>
|> The certificates are installed, the key, cert, the root chain all in
|> their appropriate PEM files.
|>
|> The devices try to get the certificate that we specify; However,
|> whenever we try to connect with an iOS device or Windows we get an
|> error saying that the identity cannot be verified.et
|
|Do you get an error, or a prompt to trust the root for that connection?
|
|If you get an error, you've done something wrong. Either not installed the root at the
|client correctly, or not served the server and all intermediate certs from
|FreeRADIUS. I guess it's also possible the server cert is not valid wireless i.e. lacks
|the magic OIDs. See here:
|
|http://wiki.freeradius.org/config/Certificates
|
|If you get a prompt to trust the root, that's normal and can only be worked around
|by further telling the client in advance that the specific root is trusted for the
|specific connection.
|-
|List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html