[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: [EXT] Client Compatibility with PEAP and Certificates
From:       Brian Julin <BJulin () clarku ! edu>
Date:       2019-09-24 17:04:43
Message-ID: BN7PR03MB3762E7B861922127108F95AAB4840 () BN7PR03MB3762 ! namprd03 ! prod ! outlook ! com
[Download RAW message or body]



Shan wrote:

> The issue I'm having is that when using my updated certificates and authenticating \
> my wireless clients via PEAP, some devices such as my Macbook Air (MacOS Mojave) \
> mark the certificates as valid while others, such as my iPhone (iOS 12) mark the \
> certificate as invalid. I believe this issue relates to the root trust certificate?

> What could I do to improve compatibility and prevent this invalid certificate issue \
> for my end users? Could this be solved by using a different certificate provider? \
> such as LetsEncrypt with a public CA?

Yes, you need a root CA that is in the factory OS store on all your devices.  Entrust \
and GoDaddy are two I know to work widely.

Alternatively you'd need to distribute a .mobileconfig profile with the root CA as a \
certificate payload (for Apples, and then you'd need something else like CAT for \
Windows and an MDM-like solution for Androids.)  But if you can get your users to do \
that, you could go with a private root and be better off overall.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]