I have spent the last few days setting up a freeradius server with eap-tls as the only authentication method. I have used this old tutorial for setting up my own CA and generating the certificates and adjusted the older parameters to match the current ones.
So far I managed to authenticate my iPhone 6 running iOS 11.1.2 as a test device, for that I have:
- Installed the root CA’s(the one I created) certificate on my iPhone
- Installed a test identity profile on my iPhone with the name "Test" and test passphrase, which I converted to a .p12 file
Now when I connect to the network with the freeradius server running in debug mode, I can select EAP-TLS as the auth type and tell it to use the identity certificate. It then prompts me to trust the server’s certificate and I get a successful connection.
I have 2 questions:
- Why do I need to trust the server’s certificate if I have the root CA’s certificate installed? As far as I understood the way the authentication works is as follows:
The server and client each send their respective certificate for the other party to authenticate with the root CA’s certificate. After both are completed there is an optional challenge for the client to complete? (I’m not sure about this) and the client is authenticated
The server doesn’t need to be told to explicitly trust the client certificate but the client needs to explicitly trust the server’s even though they are both issued and signed by the same root CA and both parties have the certificate needed to be able to verify it
AFAIK the whole point of certificate-based authentication is to prevent MiTM attacks that other methods are vulnerable against. If the user initially connects to a spoofed access-point and accepts that certificate it will refuse the correct RADIUS server and leak the client certificate to the wrong server, this would be avoided if the client can verify the server certificate on its own without user intervention
- There is a username option when selecting the network on the iPhone, which does get matched against a backend SQL database by the freeradius server regardless of that username existing the server accepts the authentication. This page notes that the username is used in inner and outer authentication but to me, that doesn’t seem to make sense as there is no inner and outer identity in EAP-TLS. I assume there is a way to tell the radius server to only accept requests that match a username in the database but if it is not configured that way by default what is the point? Doesn’t the certificate already uniquely identify the device/user and what is the point of the username field if anything can be entered?
I would appreciate an explanation to these concepts, I’m relatively new to certificate-based authentication and RADIUS in general so I’m still learning the basics.
The goal of this endeavor is to deploy the server in an eduroam-like environment where users can generate certificates for their devices on some website, download the two needed certificates and get access without having to trust another.
I should also note that I have complete access and control over the server and my CA so I can modify anything as needed, so no quirky workarounds here.