On 7.9.2019 3.03, Hirayama, Pat wrote:

So, using Radiator to authenticate our wifi access points, and it has been brought to my attention that iPhones show my commercially purchased GoDaddy certificate is “Not trusted”.  I think this is the relevant part of the config file.

Suggestions or explanations of what I’m doing wrong would be appreciated.  Oh, and I think I’m running Radiator 1.143 -- it’s pretty old.

I think the best you can do is to use EAPTLS_CertificateChainFile and point it to a file that has first the server certificate and then the intermediate CA certificates you want to send to the client.

Note that "Not trusted" does not necessarily mean it's an error. It's just telling you that there's no profile or any other existing trust. This should also be a one-time dialog: once the certificate is trusted, it should not pop up the dialog as long as the configuration remains the same. These things seem to change between client software releases, but I think this is how it currently works.

If I remember correctly, certificate chain problems trigger a different dialog that more clearly says that there's a problem.

What you could do is to get apple configuration from Apple's app store and try creating a profile to see how it changes things. Distributing the profile is a different matter, but it might be worth seeing how profiles work.

A quick config note: Only EAPType MSCHAP-V2 is needed in the inner AuthBy. The other EAPTLS parameters are not needed either in the inner AuthBy.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
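
The bundle order described in the reply above for EAPTLS_CertificateChainFile (server certificate first, then the intermediate CA certificates) can be checked before the file is deployed. The script below is an added example, not part of the original message or of Radiator; it compares issuer and subject name hashes only and does not verify signatures, and the demo chain, names and file names are constructed.

```shell
#!/bin/sh
# Added example. Checks that a PEM bundle meant for EAPTLS_CertificateChainFile
# is ordered server certificate first, then each issuing CA in turn.
# Usage (hypothetical path): check_chain_order /path/to/chain.pem && echo "order OK"

# check_chain_order BUNDLE: returns 0 if every certificate is immediately
# followed by its issuer, 1 if the order is wrong, 2 if no certificate is found.
# Name chaining only: signatures and validity dates are not checked.
check_chain_order() {
    cco_dir=$(mktemp -d) || return 2
    # Split the bundle into cert.1, cert.2, ... (one PEM block per file).
    awk -v d="$cco_dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                         n { print > (d "/cert." n) }' "$1"
    cco_n=$(($(ls "$cco_dir" | wc -l)))
    cco_rc=0
    [ "$cco_n" -ge 1 ] || cco_rc=2
    cco_i=1
    while [ "$cco_i" -lt "$cco_n" ]; do
        # Issuer name hash of certificate i must equal subject name hash of i+1.
        cco_iss=$(openssl x509 -noout -issuer_hash -in "$cco_dir/cert.$cco_i")
        cco_sub=$(openssl x509 -noout -subject_hash -in "$cco_dir/cert.$((cco_i + 1))")
        if [ "$cco_iss" != "$cco_sub" ]; then
            echo "certificate $((cco_i + 1)) is not the issuer of certificate $cco_i" >&2
            cco_rc=1
        fi
        cco_i=$((cco_i + 1))
    done
    rm -rf "$cco_dir"
    return "$cco_rc"
}

# mdc_issue DIR NAME SIGNER CN: issue NAME.pem signed by SIGNER (throwaway key).
mdc_issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -out "$1/$2.pem" 2>/dev/null
}

# make_demo_chain DIR: constructed root -> intermediate -> server certificates,
# plus a correctly ordered and a wrongly ordered bundle to test against.
make_demo_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    mdc_issue "$1" inter root "Constructed Intermediate CA" &&
    mdc_issue "$1" server inter "radius.example.test" &&
    cat "$1/server.pem" "$1/inter.pem" > "$1/chain-good.pem" &&
    cat "$1/inter.pem" "$1/server.pem" > "$1/chain-bad.pem"
}
```
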
