iOS doesn't trust server certificate signed by intermediate issuer
Igor Sousa
igorvolt at gmail.com
Thu Dec 3 22:01:08 CET 2020
Hi,
My institution generated our server certificate by GlobalSign, but we
received a server certificate signed by an intermediate issuer, an
intermediate issuer. We receveid the server, intermediate and root
certificates files.
I created a bundle with intermediate and root certificates, in this order
an. I configured the /etc/freeradius/mods-enabled/eap as below:
private_key_file = <path for server private key that I created>
certificate_file = <new path for server.pem received from GlobalSign>
ca_file = <path to ca.bundle obtained by cat intermediate.pem >> ca.bundle
and cat root.pem >> ca.bundle>
I run freeradius service with no issues as well as Android validates server
certificate. When I tested the iOS connection the device showed me the
server certificate as Not Trusted. I verified server certificate
information and it is correct. If I click on the Trust button on the device
screen, I can authenticate on Freeradius server with no issues.
Is this behavior right? Doesn't iOS trust in server certificate signed by
an intermediate chain?
--
Igor Sousa
More information about the Freeradius-Users
mailing list