802.1x with GoDaddy Certificates EAP-TTLS

work vlpl thework.vlpl at gmail.com
Sat Jul 22 13:40:21 UTC 2023



> On 29 Jun 2023, at 16:58, Torsten Wilms via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> The idea behind using a public certificate is that anyone can connect to the WLAN without a certificate error if the username and password are correct


Hi, this question bugged me for a while but I didn't have time to verify it, today I've checked, and I think this depends on implementation inside Android.


I am using a Pixel phone and Android 11. It has the option to specify the certificates store/chain that will be used to verify the cert from the radius server. But by default, it is expected that you will install CA cert that was used to issue the cert for the radius server.
So I think you can make it work, but just need to do a bit more configuration on devices. 

It is not possible to send screenshots in mail list, so the links are to shared files on GDrive


https://drive.google.com/file/d/1mf0dG1wPC1rnw9NvxMNgb3qbPjtThsah - specify security "profile" 

https://drive.google.com/file/d/1yXknkMmSzTkf6sA7o0d5J-jdiwgG2rNF - specify which certificate store on the Android to use to verify cert from radius server

https://drive.google.com/file/d/1ga_QH3tRnyq64LdCJfeSvOcNpW6pdPYL - specify the domain for radius server that will be expected in server cert CN field



More information about the Freeradius-Users mailing list