using SSL certs with EAP-TLS

Stefan Winter stefan.winter at
Mon Jul 11 11:17:21 CEST 2016


> After reading
> and I'm beginning to think:
> it can't be done, no warning on iOS. One will always get a certificate not
> verified warning upon the first connect in iOS. iOS's brother OS X is not
> complaining.

The first link tells you quite clearly in one of the responses:

"You will always get Not Verified unless you pre-configure clients with
a profile. It's a normal part of the EAP server validation process. "

And the person is right. So the solution is to create a configuration
profile, push that to users, and then there will be no warning on the
first Wi-Fi connection to your chosen network.

That is not "It can't be done".

Like Mathieu wrote, tools such as do exactly
this job: fill in your EAP deployment details, and you'll get a
re-usable configuration profile back.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list