So I have WPA-Enterprise enabled on my wifi, using FreeRADIUS for the username and password on pfSense 2.5.2, working on my Linux laptop, Android phone and iPad.
Now I would like to add a cert for my wifi connections as well. On a Linux laptop, I could not get it to work.
These are the general steps I took; perhaps someone can identify an error I have made?
- Create a FreeRADIUS CA
- Create a FreeRADIUS cert for a server with 390 days duration.
- Under FreeRADIUS > EAP:
  - EAP
    - Default EAP Type: PEAP
    - Minimum TLS Version: 1.0
  - Certificates for TLS
    - SSL CA Certificate: my FreeRADIUS CA
    - SSL Server Certificate: my FreeRADIUS server cert
  - EAP-TLS
    - Check Cert Issuer: checked (tried unchecked)
    - Check Client Certificate CN: checked (tried unchecked)

  All other settings I’ve left as default.
- Imported the FreeRADIUS CA to my laptop.
- Now I create a user cert for my FreeRADIUS user using the same name as I have used in FreeRADIUS. Export it to my laptop.
- On Linux Mint, I connect to my wifi, importing the cert.
It doesn’t connect when I use the cert, if I leave out the cert I can connect.
What I have no idea about is where in FreeRADIUS it is telling clients they MUST use a certificate. Or does my AP have to do this, or are certs optional on FreeRADIUS by design?
Everything is pointing to the cert not being correctly created. The CN and username are the same, and the duration for the cert is 390 days; they are the only things I have come across which didn’t seem obvious.
Any ideas?
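The two properties the steps above depend on, that the user certificate chains to the FreeRADIUS CA and that its CN equals the RADIUS username, can be checked on the laptop with `openssl` before touching the wifi settings. This is an added example, not part of the original post; the file names, the demo CA and the username `alice` are constructed, and in practice you would pass the CA and user certificate exported from pfSense.

```shell
#!/bin/sh
# Added example: all names, paths and the username "alice" are constructed.

# Build a throwaway CA and one user certificate (CN=$2) in directory $1.
make_demo_pki() {
    pki_dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo RADIUS CA" \
        -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$pki_dir/user.key" -out "$pki_dir/user.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$pki_dir/user.csr" -days 1 \
        -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" -CAcreateserial \
        -out "$pki_dir/user.pem" 2>/dev/null
}

# check_client_cert CA_PEM USER_PEM USERNAME
# returns 0 = chain and CN ok, 1 = does not verify against this CA
# (wrong issuer, expired, not yet valid), 2 = CN differs from username
check_client_cert() {
    ca_pem=$1; user_pem=$2; username=$3
    if ! openssl verify -CAfile "$ca_pem" "$user_pem" >/dev/null 2>&1; then
        echo "FAIL: $user_pem does not verify against $ca_pem"
        return 1
    fi
    cn=$(openssl x509 -in "$user_pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p')
    if [ "$cn" != "$username" ]; then
        echo "FAIL: certificate CN '$cn' differs from username '$username'"
        return 2
    fi
    end=$(openssl x509 -in "$user_pem" -noout -enddate | cut -d= -f2)
    echo "OK: CN '$cn' chains to the CA, valid until $end"
}

# Demo on constructed certificates: one matching and one mismatching username.
demo=$(mktemp -d)
make_demo_pki "$demo" alice
check_client_cert "$demo/ca.pem" "$demo/user.pem" alice
check_client_cert "$demo/ca.pem" "$demo/user.pem" bob || true
rm -rf "$demo"
```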