[c-nsp] EAP SSL certificates - how to?

Fred Reimer freimer at ctiusa.com
Fri Apr 18 15:42:49 EDT 2008


That sounds like a problem with OSX.  You need to get a more verbose
explanation of what the issue is.

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of matthew zeier
> Sent: Friday, April 18, 2008 1:54 PM
> To: A.L.M.Buxey at lboro.ac.uk
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] EAP SSL certificates - how to?
> 
> GeoTrust is a well known root CA and I don't get prompts going to
> websites signed by them.  I do, however, if I use the same cert for
> RADIUS.  The error is "unknown trust setting".
> 
> A.L.M.Buxey at lboro.ac.uk wrote:
> > Hi,
> >> What's the magic to getting an EAP SSL cert (WLCs using RADIUS for
> WPA
> >> Enterprise) to work with machines without getting cert warnings?
> >>
> >> I've used a self-signed one and got unknown root errors (expected)
> and
> >> took a GeoTrust cert off a webserver and got unknown trust settings
> in
> >> OSX.  In either case, going into the OS certificate store and
> setting
> >> the trust settings gets me past that but I'd rather not confuse
> users.
> >
> > the root CA that signed the cert needs to be in the store of the
> client.
> > for self-signed this means you must put the CA onto the client..
> >
> > alan
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3080 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080418/b2c7e15a/attachment.bin 


More information about the cisco-nsp mailing list