3rd-party certificates in FR3

Alan DeKok aland at deployingradius.com
Wed Sep 2 18:03:45 CEST 2015


On Sep 2, 2015, at 11:52 AM, Ivan Strelnikov <i.n.strelnikov at gmail.com> wrote:
> Please, comment if i were mistaken or not:
> I have intermediate ca certificate as ca.pem and private+device's scertificate as server.pem.
> Am i right or i should take whole chain to ca?
> device -> intermediate -> root ca?

  Read the "eap" module configuration.  This is all documented in the comments.

> The main problem is that the Apple devices in the wireless connecting dialog still writes "Untrusted" certificate.
> Even if my root ca is in white list of Apple.

  You have to add the certificate to a separate 802.1X list.

> So, i don't want to creates bundles of wi-fi profile to Apple or install my radius' certificate.
> I will appreciated if there is some opportunities to do so.

  You need to configure the client to accept the certificate.  There is NO WAY around this.

  Alan DeKok.




More information about the Freeradius-Users mailing list