SSL Certificate Question

Alan DeKok aland at
Wed Jul 9 04:24:52 CEST 2014

  You could probably add that large certificate chains won't work with eap. Most access points limit eap to ~50 or so round trips. If the user isn't authenticated by then, the AP hangs up on the connection.  

  There was a guy from HP here years ago who had 4k bit certs, and then a long cert chain. The total was about 70k, which meant eap would need 70 or so round trips. He wS quite surprised when he was told that his config would never work. 

On Jul 8, 2014, at 9:51 PM, Nick Lowe <nick.lowe at> wrote:

>> The problem seems to be that new clients running Mac OS X 10.9 cannot connect. We have had users trying manual setups and using an XpressConnect configuration profile.
> The issue is perhaps then the more stringent certificate
> requirements/checks in 10.9 and your self signed certificate falling
> afoul of these somehow.
> Take a look at this page for some ideas of things to check for under
> "Consideration 2: Recommended certificate properties":
> Nick
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list