Hi Eric, >From what I understand, the reason that even 3rd party certificates fail is that the clients do not have a trusted radius store as they do with SSL. That is to say, by default, most clients will not trust any radius certificate regardless of the issuer.
Some vendors provide an on-boarding module that distributes the trust parameters to the client as a workaround to the above. Kevin On Mon, Mar 13, 2017 at 2:10 PM, Eric Glinsky <[email protected] > wrote: > Hi everyone, > > > > I’m looking for thoughts/opinions/experiences on 802.1x and security > certificates. I dug through the archives from a few years ago, and from > what I gather it isn’t even possible to use a 3rd-party cert so devices > (iOS, OS X, Windows, Android) trust it automatically, but maybe someone has > succeeded with this by now? If so, which CA would you recommend? > > > > For us, our GoDaddy wildcard cert failed to authenticate clients, so we > went with DigiCert. That isn’t trusted by clients by default, offering no > benefit over our domain-generated cert, with which all Apple and Windows > 8/10 devices must be told to “trust,” Windows 7 fails to authenticate > entirely, and Android just works. We have a Cisco WLC and Windows NPS. > > > > Thanks for any pointers you can give! > > > > - Eric > This e-mail message is intended only for the person or entity to which it > is addressed and may contain CONFIDENTIAL or PRIVILEGED material. Any > unauthorized review, use, disclosure or distribution is prohibited. If you > are not the intended recipient, please contact the sender and destroy all > copies of the original message. If you are the intended recipient but do > not wish to receive communications through this medium, please so advise > the sender immediately. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > -- Kevin Fitzgerald | Project/Program Specialist University of Arkansas at Little Rock | Information Technology Services 501.916.5019 | [email protected] | ualr.edu Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that comes via email, even from known contacts. For more information or to report suspicious email, visit http://ualr.edu/itservices/security/ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
