SSL Certificate Question (Charles Plater) was Re: Freeradius-Users Digest, Vol 111, Issue 19

Rui Ribeiro ruyrybeyro at
Wed Jul 9 05:58:43 CEST 2014

Hi Charles,

The experience we have here is iOS devices, and apparently, the iPhone more
than the iPad are very picky with certificates. Recent OSX versions seem to
very a little more picky too. We used to have a lot of strange errors
before we fixed our certtificates.

Your certificate on the RADIUS side has to be carefully built to include
any extra certificates if you are using an intermediate root certificate. I
also maybe stating the obvious, however if you are using self signed
certificates it is a must to install the root certificate in the client
devices. I advise, for Windows and iOS devices, to build profiles.

Rui Ribeiro

> Message: 1
> Date: Tue, 8 Jul 2014 15:32:27 -0400
> From: Charles Plater <ab3189 at>
> To: freeradius-users at
> Subject: SSL Certificate Question
> Message-ID: <6271539D-6C15-4B9A-A71F-F4A72F1B3EAB at>
> Content-Type: text/plain; charset=windows-1252
> Many moons ago, i set up a FreeRadius server as part of our 802.1x / WPA
> project. At that time, I asked this list about using a commercially signed
> SSL certificate as opposed to a self signed certificate. I?m not sure I
> understood all of the reasons, but I was advised by another member of this
> list to use a self signed certificate. Fast forward 6 years to today, and
> our management is convinced that problems we are seeing w/ clients having
> problems connecting are related to the self signed SSL certificate. Could
> someone please describe to me the reasoning behind using a self signed
> certificate with on with FreeRadius? What kinds of problems /
> vulnerabilities will we be exposed to if we use a commercially signed
> (DigiCert) SSL certificate?
> Many thanks in advance.
> --
> Charles Plater
> Lead Application Technical Analyst
> Internet Services
> +1-313-577-4620
> ab3189 at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list