SSL Certificate Question

Alan DeKok aland at deployingradius.com
Wed Jul 9 04:24:52 CEST 2014


  You could probably add that large certificate chains won't work with eap. Most access points limit eap to ~50 or so round trips. If the user isn't authenticated by then, the AP hangs up on the connection.  

  There was a guy from HP here years ago who had 4k bit certs, and then a long cert chain. The total was about 70k, which meant eap would need 70 or so round trips. He was quite surprised when he was told that his config would never work.

On Jul 8, 2014, at 9:51 PM, Nick Lowe <nick.lowe at gmail.com> wrote:

>> The problem seems to be that new clients running Mac OS X 10.9 cannot connect. We have had users trying manual setups and using an XpressConnect configuration profile.
> 
> The issue is perhaps then the more stringent certificate
> requirements/checks in 10.9 and your self signed certificate falling
> afoul of these somehow.
> 
> Take a look at this page for some ideas of things to check for under
> "Consideration 2: Recommended certificate properties":
> 
> https://wiki.terena.org/display/H2eduroam/EAP+Server+Certificate+considerations
> 
> Nick
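Added example, not part of the original message or of FreeRADIUS: a sketch that estimates how many EAP round trips a server certificate chain costs and compares that with the ~50 round-trip access point limit mentioned in the reply. The 1024-byte fragment size is an assumption chosen to match the "70k, 70 or so round trips" arithmetic above, the function names are hypothetical, and the sample "certificates" are constructed filler bytes, not real certificates.

```python
import base64
import math
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_sizes(pem_bundle):
    """DER length in bytes of each certificate found in a PEM bundle."""
    return [len(base64.b64decode("".join(body.split())))
            for body in PEM_RE.findall(pem_bundle)]

def certificate_msg_bytes(sizes):
    """Size of the TLS 1.2 Certificate handshake message for the chain:
    4-byte handshake header + 3-byte list length + 3-byte length per cert."""
    return 4 + 3 + sum(3 + s for s in sizes)

def check_chain(pem_bundle, fragment_size=1024, ap_limit=50):
    """Lower bound on round trips: one per EAP fragment of the Certificate
    message (each fragment is acknowledged before the next is sent).
    Other handshake messages add more, so a chain near the limit is already
    at risk. fragment_size and ap_limit are assumptions, see lead-in."""
    sizes = der_sizes(pem_bundle)
    total = certificate_msg_bytes(sizes)
    trips = math.ceil(total / fragment_size)
    return {"certs": len(sizes), "bytes": total,
            "round_trips": trips, "fits": trips <= ap_limit}

def fake_pem(n):
    """Constructed stand-in: n zero bytes wrapped in PEM markers."""
    b64 = base64.encodebytes(bytes(n)).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    # Constructed inputs: a typical 3-certificate chain and a ~70k chain.
    typical = fake_pem(1500) + fake_pem(1400) + fake_pem(1200)
    oversized = "".join(fake_pem(2000) for _ in range(35))
    for name, bundle in (("typical", typical), ("oversized", oversized)):
        print(name, check_chain(bundle))
```

To check a real deployment, pass the contents of the server's PEM chain file to `check_chain` and set `fragment_size` to the value configured in the EAP module.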

