[c-nsp] EAP SSL certificates - how to?
matthew zeier
mrz at velvet.org
Fri Apr 18 13:54:03 EDT 2008
GeoTrust is a well known root CA and I don't get prompts going to
websites signed by them. I do, however, if I use the same cert for
RADIUS. The error is "unknown trust setting".
A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>> What's the magic to getting an EAP SSL cert (WLCs using RADIUS for WPA
>> Enterprise) to work with machines without getting cert warnings?
>>
>> I've used a self-signed one and got unknown root errors (expected) and
>> took a GeoTrust cert off a webserver and got unknown trust settings in
>> OSX. In either case, going into the OS certificate store and setting
>> the trust settings gets me past that but I'd rather not confuse users.
>
> the root CA that signed the cert needs to be in the store of the client.
> for self-signed this means you must put the CA onto the client..
>
> alan
More information about the cisco-nsp
mailing list