EAP SSL Cert "Not Trusted"

Matthew Newton matthew at newtoncomputing.co.uk
Wed Jun 14 17:01:55 CEST 2017

On Wed, Jun 14, 2017 at 10:56:10AM -0400, Trevor Jennings wrote:
>  We have several freeradius servers with a valid certificate for EAP. When
> the clients first log in via wifi, they are presented with a certificate
> "Not Trusted" warning, even though that certificate is signed by a trusted
> CA. Is this the expected behavior?
> Is this because we are missing a piece that is required by the client to
> trust this certificate?

Make sure the root CA for the server certificate is installed in
the correct place on the client devices.

Also, if they are running Windows, make sure you've also got the
correct extension OIDs (e.g. TLS Web Server) in the server certificate.

You shouldn't get a warning each time you connect or if you change
the server certificate.


More information about the Freeradius-Users mailing list