Hello, we are on PF 13.2 still but if you goto Configuration > SSL Certificates and Radius tab you will see the full chain of LE certs including CA and Intermediate certs. Also PF will auto-renew the certs monthly.
We deliver all the necessary certs to our apple devices via MDM. Aaron On Sat, Nov 8, 2025 at 9:41 AM Abdlmalek Luttei via PacketFence-users < [email protected]> wrote: > Hi all, > > > After setting up 802.1X on a new SSID (PacketFence 14.1, Let’s Encrypt > cert), my iPhone sees the RADIUS cert but flags it as Not Trusted. I > double-checked I’m using the right cert. It looks like FreeRADIUS isn’t > sending the full chain during EAP (leaf + intermediate), so iOS can’t > validate it. > > > Questions: > > > 1. Is there a GUI path in PF to make RADIUS serve the full chain? > (Exact menu/fields would help.) > 2. If this has to be done manually, which files should I point RADIUS > to (fullchain vs cert, CA bundle, etc.), and which service(s) should I > reload after changes? > 3. For renewals with Let’s Encrypt, what’s the recommended way to keep > RADIUS picking up the new full chain automatically? (e.g., a post-renew > hook, symlink, and the right reload command?) > > > > > Thanks in advance for any pointers or examples. > > > Best, > Abdlmalik > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
