How create CA certificate for a linux based freeradius server?

Thu Jun 30 16:40:30 UTC 2022

Hi Guys,

I followed all instructions and now I'm able to generate certificates.
Thank you all.
I'm not very pleased about it so we're are trying to create a simple
android app to manage the connection parameters using the following
API:

https://developer.android.com/guide/topics/connectivity/wifi-suggest

It was a suggestion in this article:

https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/

Thank you again!

Em qua., 29 de jun. de 2022 às 12:05, Olivier <oza.4h07 at gmail.com> escreveu:
>
> @Thiago:
> I think adding a CA certificate to a Freeradius instance to please
> Android 11 is not an easy task !
> Saying this, I don't blame Freeradius at all for this (far from it, as
> Freeradius includes a quite exhaustive doc (see raddb/certs/README.md)
> and integrate various tools (make, bootstrap, ...)) but as I recently
> discovered, issues can also come from either Android device or from
> the device config/usage.
> When there is an issue, it's not easy to spot where it comes from and
> what to change (the device software, its config or your Freeradius
> config).
>
> The ideal situation would be to have a working reference for all
> involved elements (Android device (soft+config), Wifi AP, Freeradius
> (software+config), CA Cert) and then only change one element  at a
> time in this working reference until this it matches your target
> config.
>
> If you ever meet success adding a LetsEncrypt cert, I would be very
> curious to know some of your config details.
>
> I wish you the best luck in your testings.
>
> Le mer. 29 juin 2022 à 15:29, Alan DeKok <aland at deployingradius.com> a écrit :
> >
> > On Jun 29, 2022, at 9:21 AM, Thiago Martins via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> > > One of my users has an Android 11 smartphone and it no longer let you
> > > insecurely connect to enterprise WiFi networks. In the option "CA
> > > certificate" There is no "Do not validate" option. So I'm looking for
> > > a solution. How can I create a certificate for this user? My
> > > Freeradius server is running on linux.
> >
> >   Read raddb/certs/README.md
> >
> >   Or, get a "letsencrypt" certificate, and use that.
> >
> >   Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Atenciosamente;

Thiago M

-- 
www.itaueira.com 
<http://www.google.com/url?q=http%3A%2F%2Fwww.itaueira.com.br&sa=D&sntz=1&usg=AFQjCNH42Xq5lpseB4cAh2qH7npCQfuT4A>

facebook/melaoRei 
<https://www.google.com/url?q=https%3A%2F%2Fwww.facebook.com%2Fmelaorei%2F&sa=D&sntz=1&usg=AFQjCNHpoNbpLy4hPWrbONSyBkPJZ3Da5A> 
 f/ItaueiraTurmadaMonica 
<https://www.google.com/url?q=https%3A%2F%2Fwww.facebook.com%2FItaueiraTurmadaMonica&sa=D&sntz=1&usg=AFQjCNEiygBAltzyxrySohIxySxT03oNLg> 
 f/ItaueiraMelon 
<https://www.google.com/url?q=https%3A%2F%2Fwww.facebook.com%2Fitaueiramelon&sa=D&sntz=1&usg=AFQjCNH2YLsM-RqYfRFrgBkzTErDSOGaeg> 

Esta mensagem é endereçada exclusivamente ao seu destinatário e poderá 
conter informações confidenciais. 
O uso não autorizado de tais informações 
é proibido e estará sujeito às penalidades cabíveis. 
*This message is 
intended exclusively for its addressee and may contain information that is 
confidential. *
*Unauthorized use of such information is prohibited and 
subject to applicable penalties.*