EAP-TLS working but asking for cert

Chevalier Violet chevalier.violet at gmail.com
Mon Sep 25 22:31:55 CEST 2017


I mean, I can manually ask Linux to use the CA that I set, so I guess
that's all right.

For the iPhone, are there any instructions for how to make the proper certs
via make client, etc. in the /etc/freeradius/certs directory? I thought the
.p12 certs were made for mobile devices like the iPhone. If you're telling
me to run some kind of mobileconfig command, I'm not sure what it is.

On Mon, Sep 25, 2017 at 4:10 PM, Alan Buxey <alan.buxey at gmail.com> wrote:

> use a mobileconfig provisin for the iOS device
>
> for the Linux box - its set to be stupidly insecure by default, you
> need to configure the supplicant to only trust a particular CA
> (the joy of Linux is that unlike eg iOS/OSX/Windows et al) there isnt
> really a standard proper single CA location for all tools/OS to use -
> a few
> of them use the /etc/pki/ OpenSSL location, others use their own cert
> store.
>
> alan
>
> On 25 September 2017 at 21:06, Chevalier Violet
> <chevalier.violet at gmail.com> wrote:
> > Hi all,
> >
> > Trying to get the hang of this EAP-TLS thing on my iPhone. I did finally
> > get a p12 cert working on my phone. But now when I connect, it asks me to
> > trust a cert.
> >
> > I've tried installing the ca.pem and the ca.der on my iPhone several
> times
> > now, no luck.
> >
> > Similarly, when I connect via Linux, I'm able to do so without showing my
> > ca.pem. But Linux doesn't ask me to trust a cert--any clues what's going
> on?
> >
> > Let me know if there are config file I can help you have?
> >
> > CV!
> >
> > --
> > "Do not speak, unless it improves on silence."  -- Buddha
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html




-- 
"Do not speak, unless it improves on silence."  -- Buddha


More information about the Freeradius-Users mailing list