Trusted CA, Signed Certs and Verification

Alan DeKok aland at deployingradius.com
Fri Apr 4 16:59:13 CEST 2014


Sam Fakhreddine wrote:
> On windows machines we get a prompt saying that "Windows Cannot Verify the server's identity".
> On iOS when you view the certificate it says: "Not Verified"

  Then that is the source of the problem.

> This is confusing because we use a global CA Root (Digicert) that *is* already installed on all devices.

  I don't know.  Much of SSL is magic to me.  Much of how devices
implement SSL is magic.  Much of how CAs operate is magic.

  All I know is that I follow the scripts in raddb/certs/, and it works
for me.  Doing anything else means someone, somewhere, breaks EAP.

  i.e. someone *else* is breaking EAP.  FreeRADIUS isn't picky.  It just
does what it's told to do.

> Is the prompt normal even when using a Global CA Root that is installed on devices?

  No.  It means there's something wrong.

  Alan DeKok.


More information about the Freeradius-Users mailing list