FYI, I gave up on eap-tls for OS X and ios.

Matthew Newton mcn4 at
Wed Mar 29 22:14:46 CEST 2017

On Wed, Mar 29, 2017 at 07:38:03PM +0000, John Tobin wrote:
> I am currently setup with a cisco 1282 access point running wpa2
> supported by free radius under suse linux [tumble weed].
> I am supporting students on window 7, [I believe I have a few
> win-10s] and osx, will be testing ios later this week.
> The server is the CA, and for testing purposes I had setup a
> self signed cert, and was testing the client cert.

FWIW, we've got FR 3.0.11 on Debian 8 servers with OpenSSL 1.0.1.
There are Macs and Windows 7 authenticating against it, Windows
with PEAP/EAP-TLS and Macs with plain EAP-TLS. Cisco WLCs/APs,

Certs are all from a local Microsoft CA. No "self-signed" certs
apart from the CA root of course. Both server certs and client certs
generated from the CA. Can't think why you'd use a self-signed
cert for the server cert, unless that wasn't what you meant.

Can't think what might not be working in your setup. But it does


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list