Let’s Encrypt EAP-PEAP WiFi certificate

[GreenMatter]

I use Freeradius and I set LE certificate to be used for eap peap authentication. Unfortunately it does show up on iOS devices as untrusted (despite that is trusted on webpage).
Maybe it requires full chain certificate?

[mimugmail]

Why do you want to use LE for such serious service?

[Fright]

GreenMatter, untrusted or not verified?
its how ios works
https://framebyframewifi.net/2017/01/29/use-lets-encrypt-certificates-with-freeradius/
first comments

[mimugmail]

I dont trust it, noone should. If you are really concerned set up a PKI, if you are not, you can still use WPA2 without 802.1X

[Fright]

I dont trust it, noone should

why?

[mimugmail]

What will you do when this free service is taken down?

[Fright]

will switch to my own PKI (currently use for inside services. for services available via the Internet i use LE)

[GreenMatter]

Why do you want to use LE for such serious service?

I wanted to have/use publicly trusted certificate to do not force guest users to accept self signed certificate...


iOS device shown certificate as untrusted, thanks @Fright for link. Have a closer look at it.

[GreenMatter]

One more thing, OSX based computers also show LE certificate as untrusted when is used for Freeradius WiFi validation.


Long story short, it's better to use tailor made, self signed certificate with validity of let's say, 2 years? 😄

[mimugmail]

Guests should use WPA Personal or Open plus captive portal

[GreenMatter]

Guests should use WPA Personal or Open plus captive portal

Regardless guests, since users need to accept LE (untrusted) certificate every 2 months, so it is better to use untrusted, self signed certificate with much longer validity...