Windows Machines not Validating Cert

Alan DeKok aland at deployingradius.com
Wed Nov 6 10:24:19 UTC 2024


On Nov 6, 2024, at 10:20 AM, FreeRAD <yetifreerad at gmail.com> wrote:
> 
> I'm using EAP-TTLS. When generating the production certs I know it says in
> the readme file that all client machines need to have the root CA installed
> for it to work, but that doesn't seem to be the case in my setup. If I
> connect from a Windows 11 machine I get a notification asking if I am happy
> with the certificate information for the server that I am connecting to,
> but I haven't got the root CA cert installed on my machine. I then just
> accept the notification and it allows me to connect. Even after installing
> it nothing really changed.

  The certificate chain is sent to the client as part of the TLS connection setup.  So presumably the Windows machine is caching the cert.

  i.e., if it asks you "is the cert OK", and you say "yes", then that causes the cert / root CA to pass.  That explains why it works.

> Would this indicate that something is set up wrong with the RADIUS server?

  No.  It indicates that you configured Windows to accept the server cert / root CA.  So it accepts them.

  Alan DeKok.
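
The check a client performs when it validates the server certificate against a configured root CA, rather than relying on a user accepting a prompt, shown as an added example that is not part of the original thread. The CA names, the `radius.example.org` subject and all files are constructed throwaway values, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added illustration: every name, subject and file here is constructed.
set -u

# Build a throwaway root CA and a server certificate signed by it in $1.
make_pki() {
  local dir=$1 ca_cn=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca_cn" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=radius.example.org" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
    -out "$dir/server.pem" 2>/dev/null
}

# Succeeds only if the server certificate ($2) chains to the trust anchor ($1).
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Verify one server certificate against its own root and an unrelated root.
demo() {
  local work anchor
  work=$(mktemp -d) || return 1
  mkdir "$work/ours" "$work/other"
  make_pki "$work/ours" "Constructed RADIUS Root CA" || return 1
  make_pki "$work/other" "Constructed Unrelated Root CA" || return 1
  for anchor in ours other; do
    if chains_to "$work/$anchor/ca.pem" "$work/ours/server.pem"; then
      echo "anchor=$anchor: server cert validates"
    else
      echo "anchor=$anchor: server cert rejected"
    fi
  done
  rm -rf "$work"
}

demo
```

A client pinned to the `ours` root accepts only servers whose certificate chains to it; with the unrelated root as anchor the same certificate is rejected without any user decision.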


