Freeradius, BYOD and certs

[Chris Bradley]

Hi everyone!

We're trying to update our freeradius so that it will work with Android 11+
clients without using the "do not validate" option.

What we want to do is allow BYOD devices to connect to our freeradius
server (using LDAP authentication) and connect by putting the domain entry
in for connecting with an android.

Freeradius is working fine with LDAP.

Ultimately, I'm trying to put a certificate on the freeradius server so
that BYOD clients (android 11+ specifically) can authenticate using LDAP
*without* them having to download a certificate from somewhere before
attempting the connection to freeradius.

>From what I understand, I can't do that with a wildcard certificate or a
self-signed one.

So, if that's possible, I need some guidance on how to get it accomplished
and what kind of cert I need to procure.

Thanks!

-- 

This message originated from Bartholomew Consolidated School Corporation, 
Columbus, Indiana.


The message and any attachments may be confidential or 
privileged and are intended only for the individual or entity identified 
above as the addressee. This email should not be disseminated, distributed, 
or copied. If you are not the addressee, or if this message has been 
addressed to you in error, you are not authorized to read, copy or 
distribute this message or any attachments; and we ask that you please 
delete it and notify the sender by return e-mail. Delivery of this message 
and any attachments to any person other than the intended recipient(s) is 
not intended in any way to waive confidentiality or a privilege. All 
personal messages express views only of the sender, which are not to be 
attributed to Bartholomew Consolidated School Corporation, and may not be 
copied or distributed without this statement.