How create CA certificate for a linux based freeradius server?

Olivier oza.4h07 at gmail.com
Wed Jun 29 15:04:28 UTC 2022


@Thiago:
I think adding a CA certificate to a Freeradius instance to please
Android 11 is not an easy task !
Saying this, I don't blame Freeradius at all for this (far from it, as
Freeradius includes a quite exhaustive doc (see raddb/certs/README.md)
and integrate various tools (make, bootstrap, ...)) but as I recently
discovered, issues can also come from either Android device or from
the device config/usage.
When there is an issue, it's not easy to spot where it comes from and
what to change (the device software, its config or your Freeradius
config).

The ideal situation would be to have a working reference for all
involved elements (Android device (soft+config), Wifi AP, Freeradius
(software+config), CA Cert) and then only change one element  at a
time in this working reference until this it matches your target
config.

If you ever meet success adding a LetsEncrypt cert, I would be very
curious to know some of your config details.

I wish you the best luck in your testings.

Le mer. 29 juin 2022 à 15:29, Alan DeKok <aland at deployingradius.com> a écrit :
>
> On Jun 29, 2022, at 9:21 AM, Thiago Martins via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> > One of my users has an Android 11 smartphone and it no longer let you
> > insecurely connect to enterprise WiFi networks. In the option "CA
> > certificate" There is no "Do not validate" option. So I'm looking for
> > a solution. How can I create a certificate for this user? My
> > Freeradius server is running on linux.
>
>   Read raddb/certs/README.md
>
>   Or, get a "letsencrypt" certificate, and use that.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list