EAP-TLS failure

Stephen kbaegis at gmail.com
Thu Oct 18 12:09:06 CEST 2018


Solved. I missed a hidden tab in "Apple Configurator 2" setting up my
.mobileconfig profiles (Wifi->Trust). I had been using the wrong trusted
cert for the macOS 802.1X setting.

Oops. :)

Thanks Adam, and hope this helps someone else!

On 10/17/18 5:58 PM, Stephen wrote:
> Wonderful suggestions, and thanks for the context.
>
> My certs are 8192 bit (sha512WithRSAEncryption) generated with LibreSSL
> 2.6.5, and my freeradius version is:
>
> radiusd: FreeRADIUS Version 3.0.18 (git #4b32b05a14), for host
> x86_64-unknown-linux-gnu, built on Oct  2 2018 at 22:28:12
> FreeRADIUS Version 3.0.18 ....
>
> I'll certainly try upgrading freeradius. Any advice on the crypto setup?
>
> Thanks!
>
> On 10/17/18 5:43 PM, Adam Bishop wrote:
>> On 17 Oct 2018, at 23:30, Stephen <kbaegis at gmail.com> wrote:
>>> wireless with the same cert. The cert still works for strongswan auth.
>> A few people have been finding this since upgrading to Mojave.
>>
>> You'll probably find that you're:
>>
>> * Running a very old version of FreeRADIUS?
>> * Running a very old version of OpenSSL?
>> * Using EAP certificates with sha1 hashes/512 bit RSA/DSA, or other obsolete crypto?
>>
>> The solution is to upgrade the obsolete component.
>>
>> Adam Bishop
>>
>>   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460
>>
>> jisc.ac.uk
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
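
Added example, not part of the original thread: a check that lists which certificate payload each 802.1X Wi-Fi payload in a .mobileconfig actually trusts, which is the setting the fix above turned on. It assumes an unsigned (plain plist) profile; the sample profile, SSID, UUIDs and CA names are constructed.

```python
import plistlib

# Certificate payload types that can serve as a Wi-Fi trust anchor.
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem"}

def check_wifi_trust(profile_bytes):
    """Return (ssid, note) findings for every 802.1X Wi-Fi payload."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    certs = {p.get("PayloadUUID"): p.get("PayloadDisplayName", "?")
             for p in payloads if p.get("PayloadType") in CERT_TYPES}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration")
        if p.get("PayloadType") != "com.apple.wifi.managed" or eap is None:
            continue  # not a Wi-Fi payload, or not an 802.1X network
        ssid = p.get("SSID_STR", "?")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append((ssid, "no trusted certificate selected"))
        for uuid in anchors:
            if uuid in certs:
                findings.append((ssid, "trusts " + certs[uuid]))
            else:
                findings.append((ssid, "anchor %s not in profile" % uuid))
        if not eap.get("TLSTrustedServerNames"):
            findings.append((ssid, "no TLSTrustedServerNames set"))
    return findings

def sample_profile(anchor_uuid):
    """Constructed profile: two CA payloads and one EAP-TLS Wi-Fi payload."""
    def cert(uuid, name):
        return {"PayloadType": "com.apple.security.root", "PayloadUUID": uuid,
                "PayloadDisplayName": name, "PayloadContent": b"not-a-real-cert"}
    wifi = {"PayloadType": "com.apple.wifi.managed", "PayloadUUID": "UUID-WIFI",
            "SSID_STR": "example-ssid", "EncryptionType": "WPA2",
            "EAPClientConfiguration": {
                "AcceptEAPTypes": [13],  # 13 = EAP-TLS
                "TLSTrustedServerNames": ["radius.example.org"],
                "PayloadCertificateAnchorUUID": [anchor_uuid]}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        cert("UUID-VPN-CA", "Example VPN CA"),
        cert("UUID-RADIUS-CA", "Example RADIUS CA"), wifi]})

if __name__ == "__main__":
    # Wi-Fi payload anchored to the VPN CA instead of the RADIUS CA.
    for ssid, note in check_wifi_trust(sample_profile("UUID-VPN-CA")):
        print(ssid + ": " + note)
```

Comparing the reported display name with the CA that issued the RADIUS server certificate shows a wrong anchor before the profile is deployed.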


