using SSL certs with EAP-TLS

Stefan Winter stefan.winter at restena.lu
Mon Jul 11 11:17:21 CEST 2016


Hello,

> After reading
> http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/iOS-quot-not-verified-quot-for-trusted-certificate/td-p/228121
> and https://discussions.apple.com/thread/5967450 I'm beginning to think:
> it can't be done, no warning on iOS. One will always get a certificate not
> verified warning upon the first connect in iOS. iOS's brother OS X is not
> complaining.

The first link tells you quite clearly in one of the responses:

"You will always get Not Verified unless you pre-configure clients with
a profile. It's a normal part of the EAP server validation process."

And the person is right. So the solution is to create a configuration
profile, push that to users, and then there will be no warning on the
first Wi-Fi connection to your chosen network.

That is not "It can't be done".

Like Mathieu wrote, tools such as https://802.1x-config.org do exactly
this job: fill in your EAP deployment details, and you'll get a
re-usable configuration profile back.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
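
Added example, not part of the original mail and not the output of the tool mentioned in it: a sketch of the kind of Apple configuration profile the reply describes, with the EAP server trust settings (CA anchor and expected server name) that remove the "Not Verified" prompt. The SSID, server name, identifier prefix and CA bytes are constructed placeholders; a real deployment supplies its own CA certificate in DER form and a client identity payload.

```python
import plistlib
import uuid

EAP_TLS = 13  # EAP method number for EAP-TLS

# Constructed placeholder, NOT a real certificate: use your RADIUS CA's DER bytes.
SAMPLE_CA_DER = b"PLACEHOLDER-DER-BYTES"


def _payload(ptype, name, **fields):
    """Build one payload dict with the keys every profile payload carries."""
    pid = str(uuid.uuid4()).upper()
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadUUID": pid,
            "PayloadIdentifier": f"org.example.wifi.{pid}",  # assumed prefix
            "PayloadDisplayName": name, **fields}


def build_profile(ssid, ca_der, server_names, identity_uuid=None):
    """Return .mobileconfig bytes (XML plist) that pre-configure server trust."""
    if not ca_der or not server_names:
        # Without an anchor and a name the client has nothing to verify against.
        raise ValueError("CA certificate and server name(s) are required")
    ca = _payload("com.apple.security.root", "RADIUS CA",
                  PayloadContent=ca_der)  # bytes are written as <data>
    eap = {
        "AcceptEAPTypes": [EAP_TLS],
        # Trust only server chains that end in the CA shipped in this profile ...
        "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]],
        # ... and only when the server certificate carries one of these names.
        "TLSTrustedServerNames": list(server_names),
    }
    wifi = _payload("com.apple.wifi.managed", f"Wi-Fi {ssid}",
                    SSID_STR=ssid, HIDDEN_NETWORK=False, AutoJoin=True,
                    EncryptionType="WPA2", EAPClientConfiguration=eap)
    if identity_uuid:
        # UUID of a client identity payload that is delivered separately.
        wifi["PayloadCertificateUUID"] = identity_uuid
    profile = _payload("Configuration", f"{ssid} EAP-TLS",
                       PayloadContent=[ca, wifi])
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    print(build_profile("example-ssid", SAMPLE_CA_DER,
                        ["radius.example.org"]).decode())
```
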