Hi Jesper, I think this is normal behavior. In eduroam we install the CA’s root-certificate in the client/supplicant. (The 'eduroam CAT’ crafted installer does so).
The clients certificate store is the responsibility of the browser (in a laptop). So, in a web context your server-certificate is said to be click-free (automatic acknowledged), if the CA has paid to be included in the default collection within the certificate store. I am not into if wi-fi is able to access those certificate stores on some platforms. Best, Ole -- ole.frendved.han...@deic.dk DeIC, Danish e-Infrastructure Cooperation, www.deic.dk Den 01/09/2015 kl. 15.48 skrev Jesper Skou Jensen <jesper.skou.jen...@stil.dk>: > Hello people, > > I’m in the process of renewing a certificate for our Radiator setup and I’ve > run into a bit of problem. > > The problem is that I can’t get clients to trust the WPA2 certificate when > connecting to the network. Eg. Windows 7, an iPhone and probably other > clients too. > > On the iOS I keep getting the message “Not Trusted” when logging on to the > network the first time and on both Windows and iOS I have to accept the > certificate before getting logged on. > > I’m wondering if that’s the way it’s supposed to work or if I’ve done > something wrong with my Radiator config? > > > It’s a Enterprise WPA2 setup. > > Running Radiator version 4.15 on Linux. > > The certificate is signed by COMODO and should be trusted by various > browsers, phones, etc. > > The certificate specific part of the radiator configuration is like this: > > EAPTLS_CAPath %D/certificates/ca-certs > EAPTLS_CertificateChainFile %D/certificates/server-chain > EAPTLS_CertificateType PEM > EAPTLS_PrivateKeyFile %D/certificates/server-key > > ca-certs only one file “AddTrustAB.pem” that has the CA Root certificate. > server-key is my private key. > server-chain first has my public key followed by two intermediate certs. > > > Does that sound about right, or have you got any recommendations? > > > Regards > Jesper Skou Jensen > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
