EAP SSL Cert "Not Trusted"

Alan DeKok aland at deployingradius.com
Wed Jun 14 17:37:29 CEST 2017

On Jun 14, 2017, at 11:19 AM, Trevor Jennings <Trevor at simple101.com> wrote:
> We are using Thawte which Apple devices already trust (These are more
> common devices on our network).

  Do not use public CA certs for WiFi authentication.  It's insecure.

  And no, the Apple devices do NOT already trust the Thawte cert for WiFi authentication.  They trust the Thawte cert for web surfing, which is entirely different.

  You need to have a mobileconfig which tells each device what the SSID is, what EAP method to use, and what CA to use.

> Are you referring to configuration profiles that are setup on the clients?

  Yes.  You need to configure each device as I said above.

  In order to get EAP working, follow the guide at:


  It WILL work.

  And yes, it involves creating your own certificates, and also installing the certificates on the clients.

  Alan DeKok.

More information about the Freeradius-Users mailing list