help seeing more debugging EAP-TTLS handshake
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri Sep 25 16:01:21 CEST 2015
Hi,
> My problem with the Macs is figuring out what they do not like about the
> server certificate.
can you provide your server cert?
Macs will care about things like
is it SHA1 or SHA256 (and not MD5) - is the CA SHA1 or SHA256 too?
does the server cert have CA = false or can the server cert be a CA too? (CA = True) - ie no contraints
does the server cert have a Common Name and a SubjectAltName by the way?
it could be TLS negoitation failing - if the cipher method is DH-based - whats the size
of your DH key - needs to be 1024bit or more
start with those
alan
More information about the Freeradius-Users
mailing list