Hi,
We are trying to setup eap for different mobile devices. We don't need
certificates for each user, we want to authorize againt the radius with
username and password only.
With self signed certificates its working if the mobile devices installs
the root ca certifcate.
We tried several 3rd party certificates: StartSSL, united ssl, godaddy,
test certificates from thawte.
Apple and windows clients are claiming, that the certificate is not
trusted.
Has anybody a working solution with 3rd party certificates and can tell
us which certifcate could be used and what needs to be configured in
eap.conf?
You should be aware that the trusted status of a CA is completely
independent in bowsers vs. for EAP.
Browsers have a (large|too large) set of CAs which they consider trusted.
EAP supplicants typically trust NO CA unless explicitly configured to.
In the Windows case, the supplicant will trust the 3rd party certs just
fine as soon as you open the EAP properties and check the box of that CA.
So, very often you will require extra manual/scripted configuration
whether you use a self-signed CA or not; merely the actual import of the
certificate file can be omitted if the CA is shipped.
I.e. you don't gain a lot, and spend more money when using a trusted
CA, so in the vast majority of cases, it is the wiser way to use a
self-signed CA.
Greetings,
Stefan Winter
Kind Regards
Uwe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html