EAP TLS certificates - Questions

Anssi Saari as at sci.fi
Fri Dec 10 15:00:40 CET 2021

Alan DeKok <aland at deployingradius.com> writes:

> On Dec 9, 2021, at 4:37 PM, Anssi Saari <as at sci.fi> wrote:
>> On Android 11 and newer the domain apparently has to match the CN field
>> of the Radius server's certificate. The default for Freeradius is
>> Example Server Certificate. 
>   So... edit the files in raddb/certs, and create new certificates with the correct domain.

Hm. I'm not sure you understood they Elias's question? As I understood
it, it was "what needs to go in the domain field of wifi settings in
Android devices that won't let you leave it empty?" I believe I answered
that but his followup question I don't understand. And I'm not sure my
answer is correct, it's just "it works for me". Maybe because of some
fluke or bug in Android.

Come to think of it, do you have some idea why Android devices even have
a domain field in their wifi settings? NetworkManager in Linux too. Does
it have some standard meaning in EAP in general? And is the meaning
what Android now requires, namely that domain and server cert's CN
match, something that makes sense to you? Or are these too much of
client side questions?

More information about the Freeradius-Users mailing list