EAP TLS certificates - Questions

work vlpl thework.vlpl at gmail.com
Fri Dec 17 18:00:08 CET 2021


It should be CN from cert. Maybe SAN also will work I didn't test it.

On Fri, 17 Dec 2021 at 05:20, Elias Pereira <empbilly at gmail.com> wrote:
>
> hello work vplp,
>
> I am talking about the domain option in the image below.
>
> [image: image.png]
>
> On Thu, Dec 16, 2021 at 4:17 PM work vlpl <thework.vlpl at gmail.com> wrote:
>
> > I do not see an option on my Android device to configure FQDN
> > manually, but you can create a profile for Android and install it.
> > Check this page
> > https://source.android.com/devices/tech/connect/wifi-passpoint you
> > will find an xml example of profile.
> >
> > Android 11 by documentation should use node AAAServerTrustedNames,
> > maybe this works on Pixel or other devices that use stock Android. My
> > device from Samsung uses this xml node to check CN in radius server
> > certificate.
> >
> > <Node>
> >           <NodeName>FQDN</NodeName>
> >           <Value>hotspot.example.net</Value>
> > </Node>
> >
> > Android < 11 also uses FQDN node to check CN
> >
> >
> > On Thu, 16 Dec 2021 at 22:57, Elias Pereira <empbilly at gmail.com> wrote:
> > >
> > > The problem is this new android 11 rule that requires us to put
> > > the domain in the EAP-TLS configuration. It's a pain in the ass!
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> --
> Elias Pereira
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list