Freeradius 3 self signed certificate
Stefan Winter
stefan.winter at restena.lu
Tue Jun 30 07:59:26 CEST 2015
Hello,
> The certificate is actually issued from a subCA. What do I have to
> consider when installing the cert, key and cacert in the FreeRadius
> server? Does the ca certificate need to be concatenated from the rootCA
> and also the subCA?
> What do I need to consider when it comes to installing the cacert to the
> clients (iOS, Android, Windows 7+, Linux, OS X). Does the certificate be
> a catted cert from the rootca cert and the subca cert?
> I there anything else I need to consider? We're using TinyCA 0.7.5.
For client-side setup, you should give the last section of
http://freeradius.org/enterprise-wifi.html a read. This is linked from
the start page! https://802.1x-config.org is free and easy.
Regarding intermediates, you either need to send them during the EAP
conversation (server sends every time) or you need to install them
together with the root CA cert on the clients. The latter option will
leave all BYOD devices which don't get your config with a broken chain,
so that's usually not recommended.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150630/d6aad7dc/attachment.sig>
More information about the Freeradius-Users
mailing list