Hi, > https://wiki.thayer.dartmouth.edu/display/computing/Configuring+an+OS+X+Mac+for+the+Dartmouth+Secure+Wireless+Network > > In this example, the users are given a personalized *.cer > certificate to add to their keychain. Since I don't have any > client.cer files, I tried this approach with a client.csr file > instead, which seemed personalized enough, but still I run into the > same roadblock. > > Can anyone say what I should be doing differently? E.g. are *.cer > certificates mandatory (if so, how can I make them?), or can I not > use my self-signed certificates?
right....SSL cerst can be in various formats. ones that are 'usable' depends on the underlying code....but the useful types are usually PEM, DER (also known as CER) and P12....these are all active certs CSR is a certificate signing request file and isnt a valid cert for client use. if you have one type you can easily convert it to any of the other formats using 'openssl' on the command line of a Linux or OSX system - the command format isnt trivial...but its fairly obvious, the man pages over it and there are MANY web pages out there telling you how to do it. under Linux, most of the network admin tools for WPA2/WPA enterprise are fairly limited and fussy about certificates, how and where they are installed...on OSX you need to ensure you have the CA installed - and TRUSTED! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
