EAP-TLS working but asking for cert

Chevalier Violet chevalier.violet at gmail.com
Tue Sep 26 00:14:58 CEST 2017 

Hi Alans,

Alan D: yes I know iOS supports EAP-TLS, I'm just saying that
https://802.1x-config.org seems to not support it, or at least according to
this screen (attached, but not sure that will come through) that I got to
when I tried to export a mobileconfig for iOS. So unless I'm mistaken, I
can't make a .mobileconfig file using that suggested site, at least not for
EAP-TLS for iOS. But please do correct me if I'm wrong!

Alad B: Are you referring to the Apple Configurator 2? Unfortunately, it
can only be downloaded with a mac. I guess that could be arranged but boy
if either of you have a better idea, that would be great!

I added the ca.pem cert to my Linux connection--I hope that means that
rogue APs can't connect with me anymore!

Thanks--if y'all have insights, that would be great.

On Mon, Sep 25, 2017 at 5:58 PM, Alan Buxey <alan.buxey at gmail.com> wrote:

> Apple provide a tool to make mobileconfig profiles
>
> alan
>
> On 25 Sep 2017 10:21 pm, "Chevalier Violet" <chevalier.violet at gmail.com>
> wrote:
>
> > Thanks all--I have tried the 802.1x-config site. From what I'm seeing,
> with
> > just a basic EAP-TLS config, it says it's not compatible with iOS.
> Correct
> > me if I'm wrong?
> >
> > And thanks--to know that there's not many ways to make a mobileconfig is
> > good to know!
> >
> > On Mon, Sep 25, 2017 at 4:40 PM, Alan DeKok <aland at deployingradius.com>
> > wrote:
> >
> > > On Sep 25, 2017, at 4:31 PM, Chevalier Violet <
> > chevalier.violet at gmail.com>
> > > wrote:
> > > >
> > > > I mean, I can manually ask Linux to use the CA that I set, so I guess
> > > > that's all right.
> > > >
> > > > For the iPhone, are there any instructions for how to make the proper
> > > certs
> > > > via make client, etc. in the /etc/freeradius/certs directory? I
> thought
> > > the
> > > > .p12 certs were made for mobile devices like the iPhone. If you're
> > > telling
> > > > me to run some kind of mobileconfig command, I'm not sure what it is.
> > >
> > >   The point is you have to create a "mobileconfig" file for OSX.  That
> > > file contains information about the certificate, SSID, EAP method to
> use,
> > > etc.
> > >
> > >   Right now, there aren't really many tools to create such files.  See
> > > http://802.1x-config.org/ for one example.
> > >
> > >   Alan DeKok.
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > > list/users.html
> > >
> >
> >
> >
> > --
> > "Do not speak, unless it improves on silence."  -- Buddha
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/
> > list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>



-- 
"Do not speak, unless it improves on silence."  -- Buddha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ios.png
Type: image/png
Size: 101475 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170925/72521eaf/attachment-0001.png>

More information about the Freeradius-Users mailing list