Proxy to realm after eap-ttls authantication

Alan DeKok aland at deployingradius.com
Tue Nov 24 15:55:21 CET 2020


On Nov 24, 2020, at 8:32 AM, Mesut Ozturk <mesut at nevotek.com> wrote:
> I am creating a passpoint.config file for android devices and adding trust root CA certificate  to profile. So yes Wifi profile has CA.

  Well, the "unknown CA" message is pretty clear.

> I am using GlobalSign Trusted Root certificate both on android clients and freeradius. On freeradies what i did in tls config :

  Where did you get the *server* certificate from?

> tls-config tls-common {
> 
>                ca_file = /etc/freeradius/3.0/certs/trustrootg2.pem
> 
> }
> 
> 
> "trustrootg2.pem" is the certificate which i said GlobalSign Trusted Root certificate.

  That's nice.  It doesn't help.

  Where did you get the *server* certificate from?

> Also when i try with an ios device ,it does not give a CA error, but still dont Proxy to my home Radius.

  My $0.02 is to fix one problem at a time.

  But... that debug output doesn't show anything useful.  Why post *part* of the debug output, when you can post *all* of it?

  If you don't know how to read the debug output, there's documentation for that:  http://wiki.freeradius.org/radius-X

  And if you don't know how to read the debug output, you *definitely* shouldn't be editing it.  You have no idea what's important, and what isn't important.  Something you deleted is very likely the thing we need to help you.

  Alan DeKok.




More information about the Freeradius-Users mailing list