[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: [EXT] Client Compatibility with PEAP and Certificates
From: Brian Julin <BJulin () clarku ! edu>
Date: 2019-09-24 17:04:43
Message-ID: BN7PR03MB3762E7B861922127108F95AAB4840 () BN7PR03MB3762 ! namprd03 ! prod ! outlook ! com
[Download RAW message or body]
Shan wrote:
> The issue I'm having is that when using my updated certificates and authenticating \
> my wireless clients via PEAP, some devices such as my Macbook Air (MacOS Mojave) \
> mark the certificates as valid while others, such as my iPhone (iOS 12) mark the \
> certificate as invalid. I believe this issue relates to the root trust certificate?
> What could I do to improve compatibility and prevent this invalid certificate issue \
> for my end users? Could this be solved by using a different certificate provider? \
> such as LetsEncrypt with a public CA?
Yes, you need a root CA that is in the factory OS store on all your devices. Entrust \
and GoDaddy are two I know to work widely.
Alternatively you'd need to distribute a .mobileconfig profile with the root CA as a \
certificate payload (for Apples, and then you'd need something else like CAT for \
Windows and an MDM-like solution for Androids.) But if you can get your users to do \
that, you could go with a private root and be better off overall.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic