EAP-TLS default config

Alan DeKok aland at deployingradius.com
Wed Mar 8 14:55:53 UTC 2023

On Mar 8, 2023, at 8:45 AM, clement.legoffic at kelio.com wrote:
> Sad, even on android side I get unintelligible log output :(

  That is all too common.  The logs are usually created by programmers, for programmers.  There's usually not a lot of effort put into making them usable for end users.

> I get the certificates from the freeradius certs folder that is inside the freeradius dockerfile.
> They are legit and seems to work as they work on an Embedded Linux Device.

  That's good.

> The point is that I can't import the original p12 file format provided by the freeradius container.

  If you can't import the certs, then EAP-TLS won't work.  There really isn't any reason to debug EAP-TLS if the Android device doesn't have the correct certs.

> I am against this error : https://stackoverflow.com/questions/71872900/installing-pcks12-certificate-in-android-wrong-password-bug
> I followed the solutions exposed by the two main answer (to test them) and so I get two more p12 files that contains the same certificate and key (I can import them in Android).
> I still got the above error on freeradius side and unintelligible logs on Android side.

  Then the certificates weren't imported correctly into the android system.

> Is there any specifications for making freeradius working natively with recent Android version or do I have to struggle with OpenSSL ?

  I have no idea.  I haven't heard of anyone having this issue before.  Everyone just imports the certs, and they work.

  Alan DeKok.

More information about the Freeradius-Users mailing list