Hi Derek and packetfence-users -
We have a version 3 signed certificate from godaddy.com specifically named
and set for our packetfence server. It works perfectly for https access to
the admin console on packetfence. But our 802.1X connections do not seem
to use this cert, showing it as "Not Verified"
Our existing 802.1x deployment, that works on a Microsoft IAS server
running . We are passing AD domain credentials to authenticate. The
certificate on this server works fine.
Our android users connect with PEAP/MSCHAPV2 just fine.
Our iphone users connect they will get a Certificate page saying "Not
Verified" - Is there a way to have this say "verified" ?
Maybe I'll just not talk about linux and windows yet. :(
Thanks so much for the advice.
-
Pete Hoffswell - Network Manager
[email protected]
http://www.davenport.edu
On Wed, Feb 11, 2015 at 9:25 AM, Derek Wuelfrath <[email protected]>
wrote:
> Pete,
>
> It depends on what type of 802.1X authentication that you’d like to put in
> place.
> Most of the time, when we talk about 802.1X, we talk about EAP-PEAP
> (MSCHAP) to use domain credentials. We can also use EAP-TLS that requires
> client certificate to authenticate rather than credentials.
>
> EAP-PEAP (MSCHAP) will probably require a valid SSL certificate to be
> configured on the RADIUS server. That way, clients will not have to make
> any modification on their device to trust / untrust the server cert.
>
> EAP-TLS doesn’t require any special certificate, except than the ones you
> will be generating to authenticate the users.
>
> Let me know if you need more info.
>
> Cheers!
> dw.
>
> --
> Derek Wuelfrath
> [email protected] :: www.inverse.ca
> +1.514.447.4918 (x110) :: +1.866.353.6153 (x110)
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (
> www.packetfence.org)
>
> On February 10, 2015 at 15:57:25, Pete Hoffswell (
> [email protected]) wrote:
>
> Hi there -
>
> Is there a special certificate type that is needed for 802.1X
> authentication? How do I go about acquiring the correct type of cert, and
> applying it to my PacketFence installation?
>
> I don't see any documentation about this, and am not a certificate guru by
> any means.
>
>
> -
> Pete Hoffswell - Network Manager
> [email protected]
> http://www.davenport.edu
>
>
> ------------------------------------------------------------------------------
>
> Dive into the World of Parallel Programming. The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now.
> http://goparallel.sourceforge.net/_______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
