EAP TLS certificates - Questions

Elias Pereira empbilly at gmail.com
Fri Dec 17 19:39:27 CET 2021


Ok. And can CN have writing spaces? Example: "My CN server"

On Fri, Dec 17, 2021 at 2:01 PM work vlpl <thework.vlpl at gmail.com> wrote:

> It should be CN from cert. Maybe SAN also will work I didn't test it.
>
> On Fri, 17 Dec 2021 at 05:20, Elias Pereira <empbilly at gmail.com> wrote:
> >
> > hello work vplp,
> >
> > I am talking about the domain option in the image below.
> >
> > [image: image.png]
> >
> > On Thu, Dec 16, 2021 at 4:17 PM work vlpl <thework.vlpl at gmail.com>
> wrote:
> >
> > > I do not see an option on my Android device to configure FQDN
> > > manually, but you can create a profile for Android and install it.
> > > Check this page
> > > https://source.android.com/devices/tech/connect/wifi-passpoint you
> > > will find an xml example of profile.
> > >
> > > Android 11 by documentation should use node AAAServerTrustedNames,
> > > maybe this works on Pixel or other devices that use stock Android. My
> > > device from Samsung uses this xml node to check CN in radius server
> > > certificate.
> > >
> > > <Node>
> > >           <NodeName>FQDN</NodeName>
> > >           <Value>hotspot.example.net</Value>
> > > </Node>
> > >
> > > Android < 11 also uses FQDN node to check CN
> > >
> > >
> > > On Thu, 16 Dec 2021 at 22:57, Elias Pereira <empbilly at gmail.com>
> wrote:
> > > >
> > > > The problem is this new android 11 rule that requires us to put
> > > > the domain in the EAP-TLS configuration. It's a pain in the ass!
> > > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> >
> > --
> > Elias Pereira
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-- 
Elias Pereira


More information about the Freeradius-Users mailing list