[RADIATOR] iPhones and SSL certificates
phirayam at fredhutch.org
Sat Sep 7 00:03:57 UTC 2019
So, using Radiator to authenticate our wifi access points, and it has been brought to my attention that iPhones show my commercially purchased GoDaddy certificate is "Not trusted". I think this is the relevant part of the config file.
So, GoDaddy provides a certificate (xxxxxxx.pem) and their intermediate / root bundle: gd_bundle-g2-g1.crt.
I originally had EAPTLS_Certificate pointing to xxxxxxx.pem from GoDaddy, and EAPTLS_CAFile pointing to gd_bundle-g2-g1.crt.
So, since then, I've tried various permutations -- the most recent of which is below. server.pem = xxxxxx.pem + the intermediate certificates from gd_bundle-g2-g1.crt. And EAPTLS_CAFile is pointing to gd-class2-root.crt, which is the root certificate portion of gd_bundle-g2-g1.crt. Still same error.
I am trying to avoid having to install the intermediate certificate on every iPhone out there -- for one thing, in this BYOD world, I don't know that I should be installing on people's personal devices.
Suggestions or explanations of what I'm doing wrong would be appreciated. Oh, and I think I'm running Radiator 1.143 -- it's pretty old.
#### Wireless Clients using PEAP #####
# The most popular method, supported by default by Windows. Does not require a client-side cert and is thus considered less secure
# than EAP-TLS
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
#### Outer Handler #####
# When clients check the 'Validate Server Certificate' (or equivalent), then this stanza plays a key role
Systems Engineer / 206.667.4856 / phirayam at fredhutch.org / Fred Hutch / Cures Start Here
CIT | Advancing IT and Data Services to Accelerate the Elimination of Disease