[RADIATOR] Radiator, WPA2, certificates and untrusted

Ole Frendved Hansen olef at dtu.dk
Tue Sep 1 10:14:35 CDT 2015


Hi Jesper,

I think this is normal behavior.
In eduroam we install the CA’s root certificate in the client/supplicant. (The ‘eduroam CAT’ crafted installer does so.)

The client’s certificate store is the responsibility of the browser (in a laptop).
So, in a web context your server certificate is said to be click-free (automatically acknowledged) if the CA has paid to be included in the default collection within the certificate store.

I am not familiar with whether Wi-Fi is able to access those certificate stores on some platforms.


Best, Ole
--
ole.frendved.hansen at deic.dk
DeIC, Danish e-Infrastructure Cooperation, www.deic.dk




On 01/09/2015 at 15.48, Jesper Skou Jensen <jesper.skou.jensen at stil.dk> wrote:

> Hello people,
> 
> I’m in the process of renewing a certificate for our Radiator setup and I’ve run into a bit of a problem.
> 
> The problem is that I can’t get clients to trust the WPA2 certificate when connecting to the network. E.g. Windows 7, an iPhone and probably other clients too.
> 
> On the iOS I keep getting the message “Not Trusted” when logging on to the network the first time and on both Windows and iOS I have to accept the certificate before getting logged on.
> 
> I’m wondering if that’s the way it’s supposed to work or if I’ve done something wrong with my Radiator config?
> 
> 
> It’s an Enterprise WPA2 setup.
> 
> Running Radiator version 4.15 on Linux.
> 
> The certificate is signed by COMODO and should be trusted by various browsers, phones, etc.
> 
> The certificate specific part of the radiator configuration is like this:
> 
> EAPTLS_CAPath %D/certificates/ca-certs
> EAPTLS_CertificateChainFile %D/certificates/server-chain
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile %D/certificates/server-key
> 
> ca-certs contains only one file “AddTrustAB.pem” that has the CA Root certificate.
> server-key is my private key.
> server-chain first has my public key followed by two intermediate certs.
> 
> 
> Does that sound about right, or have you got any recommendations?
> 
> 
> Regards
> Jesper Skou Jensen
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
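
Added example, not part of the original thread and not Radiator's own tooling: a shell check for the chain layout described in the quoted message (server certificate first, then the intermediates), confirming the order and that the first certificate verifies against the root file. The helper names are hypothetical and the `openssl` command-line tool is assumed to be installed. A pass shows only that the server side is consistent; the supplicant still needs the CA root installed, as the reply says.

```shell
#!/bin/sh
# Added example: check an EAP-TLS server chain file before pointing
# EAPTLS_CertificateChainFile at it. Helper names are hypothetical.

# Write each certificate of PEM bundle $1 to $2/cert-1.pem, cert-2.pem, ...
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Print the DN selected by $2 (-subject or -issuer) of certificate file $1.
dn() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "$2" | sed 's/^[a-z]*= *//'
}

# check_chain CHAINFILE ROOTFILE
# Returns 0 only if the bundle is leaf-first, each certificate is issued by
# the one after it, and the first certificate verifies against ROOTFILE with
# the bundle supplying the intermediates. The ( ) body runs in a subshell.
check_chain() (
    tmp=$(mktemp -d) || exit 2
    split_chain "$1" "$tmp"
    n=$(find "$tmp" -name 'cert-*.pem' | wc -l)
    rc=0
    [ "$n" -ge 1 ] || { echo "no certificates found in $1" >&2; rc=1; }
    i=1
    while [ "$i" -lt "$n" ]; do
        next=$((i + 1))
        if [ "$(dn "$tmp/cert-$i.pem" -issuer)" != "$(dn "$tmp/cert-$next.pem" -subject)" ]; then
            echo "certificate $i is not issued by certificate $next" >&2
            rc=1
        fi
        i=$next
    done
    # Cryptographic check of the first certificate against the root file.
    openssl verify -CAfile "$2" -untrusted "$1" "$tmp/cert-1.pem" 2>&1 |
        grep -q ': OK$' || { echo "leaf does not verify against $2" >&2; rc=1; }
    rm -rf "$tmp"
    exit "$rc"
)

# Stand-alone use: sh check_chain.sh server-chain AddTrustAB.pem
if [ "$#" -eq 2 ]; then check_chain "$1" "$2"; fi
```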
