Changes between Version 72 and Version 73 of WikiStart


Ignore:
Timestamp:
Jul 5, 2013, 1:35:40 PM (11 years ago)
Author:
walter
Comment:

windows freeradius certificate push

Legend:

Unmodified
Added
Removed
Modified

  • WikiStart

    v72 v73  
    12151215
    12161216 *Mac/Linux
    1217 The "server.pem" file is the one that needs to be distributed/deployed among the eduroam users to correctly setup their supplicants for safely logging in, for Mac and Linux. For Mac it works, only validating the origin of the certificate !ITSELF! gives a warning (red* mark), since we didn't use/bought a known verified root CA so Mac OSX cannot Validate the "WirelessLeiden CA department" with the certificates it already has from verizon/thawte/etc. We can buy a certificate or we need to supply our own ROOT CA in our case "ca.pem" file. Than the Mac operating systems thinks everything is fine and the red mark about a certificate from a possible unknown provider will be gone.
     1217The "server.pem" file is the one that needs to be distributed/deployed among the eduroam users to correctly setup their supplicants for safely logging in, for Mac and Linux. For Mac it works, only validating the origin of the certificate !ITSELF! gives a warning (red* mark), since we didn't use/bought a known verified root CA so Mac OSX cannot Validate the "WirelessLeiden CA department" with the certificates it already has from verizon/thawte/etc. We can buy a certificate or we need to supply our own ROOT CA in our case "ca.pem" file. Than the Mac operating systems thinks everything is fine and the red mark about a certificate from a possible unknown provider will be gone. After importing this "root" "ca.pem" it can be easily converted by Mac OSX to "ca.cer" to be usable by Windows XP-8, since windows systems only allows Root (dutch=basis) certificates "ca.cer" to match its radius supplicant instead of "server.pem".
    12181218
    12191219 *Windows
    1220 After importing this "root" "ca.pem" it can be easily converted by Mac OSX to "ca.cer" to be usable by Windows XP-8, since windows systems only allows Root (dutch=basis) certificates "ca.cer" to match its radius supplicant instead of "server.pem". In Windows double click the ca.cer file and import it into the ROOT store! Than you will be able to select it in the PEAP / supplicant option when you setup the eduroam window in network settings!
     1220In Windows double click the ca.cer file and import it into the ROOT store! Than you will be able to select it in the PEAP / supplicant option when you setup the eduroam window in network settings! Freeradius by default creates a ca.der file which can be renamed to cer to be used by windows. If Freeradius/certs/ folder also contains a ca.cer it can be automatically be pushed to windows clients for installing!
    12211221
    12221222Convert a DER file (.crt .cer .der) to PEM