[strongSwan] Using RADIUS EAP-TLS auth on the Strongswan Android app
Aanand Ramachandran
aanandr at microsoft.com
Mon Jun 26 20:03:39 CEST 2017
Thanks Tobias. This is very useful.
When I choose automatic CA certificate selection, the Strongswan client sends the hashes of all the root certs installed on Android (including the ones in the "System" store). Is there a way to disable this behavior on the Strongswan client so that it doesn’t send all the hashes?
Aanand
-----Original Message-----
From: Tobias Brunner [mailto:tobias at strongswan.org]
Sent: Monday, June 26, 2017 8:53 AM
To: Aanand Ramachandran <aanandr at microsoft.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Using RADIUS EAP-TLS auth on the Strongswan Android app
Hi Aanand
> Now,
> if I am using a RADIUS server to do EAP-TLS authentication then the
> client has to additionally validate the RADIUS server (using the
> RADIUS server’s certificate). How should I specify the root
> certificate for RADIUS server cert validation?
As mentioned at [1] the RADIUS server's certificate either has to be issued by the same CA as the IKE server's certificate (if you want to select a specific CA certificate), or you have to use automatic CA certificate selection and import the additional CA certificate in the app.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClient#145-2014-11-06