Hi All,
I am currently deploying an Amigopod server in a University environment and have run into an issue with PEAP certificate trust which i was hoping to seek some real world advice on.
The issue is that we are using an Entrust SSL certificate on the Radius server of Amigopod to provide server authentication for PEAP / MSCHAP.
The certificate seems to be correct and works fine however what we are finding is that when a user connects to the wireless for the first time from a Windows 7 device or iOS device, they are prompted with a security warning advising that the certificate is not trusted.
I have checked that the root CA for the issuer (Entrust 2048) is installed on the PC's Trusted Root CA folder, I have also verified that the same CA is listed as supported in the iOS release.
Some reading i have done on other forums and this one suggest that this is the default behaviour as the CA is not trusted at the WLAN profile level until the first connection is successful.
After the first connection, the user is never prompted and it seems to be fine.
I have tried also installing the L1C intermediate CA certificate onto the Windows machine however this issue still occurs.
The trust seems to be fine when accessing the https interface of Amigopod as the browser shows no errors.
I am hoping to find some accurate explanation / workaround for this so i can inform my client as they are questionining the benefit of a Public CA when they can't utilise the trust defined in the end user devices.
Thanks in advance.
Scott