Trusted CA, Signed Certs and Verification
Alan DeKok
aland at deployingradius.com
Fri Apr 4 16:59:13 CEST 2014
Sam Fakhreddine wrote:
> On windows machines we get a prompt saying that "Windows Cannot Verify the server's identity".
> On iOS when you view the certificate it says: "Not Verified"
Then that is the source of the problem.
> This is confusing because we use a global CA Root (Digicert) that *is* already installed on all devices.
I don't know. Much of SSL is magic to me. Much of how devices
implement SSL is magic. Much of how CAs operate is magic.
All I know is that I follow the scripts in raddb/certs/, and it works
for me. Doing anything else means someone, somewhere, breaks EAP.
i.e. someone *else* is breaking EAP. FreeRADIUS isn't picky. It just
does what it's told to do.
> Is the prompt normal even when using a Global CA Root that is installed on devices?
No. It means there's something wrong.
Alan DeKok.
More information about the Freeradius-Users
mailing list