[RADIATOR] Certificate Not Trusted - InCommon?

Heikki Vatiainen hvn at open.com.au
Thu Sep 9 14:37:32 UTC 2021

On 8.9.2021 19.48, Ullfig, Roberto Alfredo wrote:

> Bringing this back, the main question I have is why do our users need to 
> Trust a certificate when connecting to our Radius Wifi but they don't 
> need to Trust a certificate when connecting to most other WiFi services 
> out there. Why is there a difference?

Are the other WiFI services, for example, WLANs that require 
authentication using a captive portal?

I'd say that in all cases authentication to WLANs that use 
WPA-Enterprise with an EAP method that is based on TLS, trust needs to 
be established manually by the user, with a profile or a tool that 
automates this. For example https://cat.eduroam.org/

If the above, the difference is that the browser knows that the server 
must have a certificate for example.org if the target URL is 

With TLS based RADIUS as used by WPA-Enterprise, a WPA-Enterprise 
client only knows the WLAN name (SSID) but there's nothing in the 
certificate a RADIUS server sends, at least currently, that ties 
together the certificate and the current SSID.

For an organisation that already uses eduroam, the CAT tool can simplify 
configuration substantially. It does not replace manual configuration or 
other tools - it's just another way to set up a device.


Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software

More information about the radiator mailing list