Ruckus, FreeRadius, 802.1x & certificates that work on Windows devices

  • 1
  • Question
  • Updated 9 months ago
We're using Freeradius as our AAA for our 802.1x authentication and currently have a self-signed certificate that works fine on iOS/Android/Chromebook/Linux/MacOS devices, and works for a short time on Windows devices. To resolve the Windows device issue we need to change up to a real certificate - the catch is we need one from a root CA that pre-exists in Windows so that the devices can validate it without needing to connect to the internet. Has anyone out there had this combination of technologies working, and which CA did you choose to get the certificate from that works?
Photo of Dael Sutton

Dael Sutton

  • 2 Posts
  • 0 Reply Likes

Posted 9 months ago

  • 1
Photo of Victor Cenac

Victor Cenac

  • 62 Posts
  • 19 Reply Likes
Digicert would work...
But you can install the cert on the windows machines... if you own them, as part of your domain....
Photo of Dael Sutton

Dael Sutton

  • 2 Posts
  • 0 Reply Likes
Unfortunately they're BYOD student owned devices and we don't want them domain joined or even MDM'd in any way, but Digicert sounds promising, thankyou. Have you had definite success with that CA?
Photo of Victor Cenac

Victor Cenac

  • 62 Posts
  • 19 Reply Likes
Yes, at this point their root CA cert seems to be present in all keystores. They are definitely becoming the biggest gorilla in the business.