Problem last change certificate R3 for R10

Help
1

Hello for all...
I use the lets encrypt certificate R3 for my RADIUS server. This is configurated for autentication users for connection internet with WiFi.
When I set use certificate of system in the connection in Android I log successfully. But now! With the lets encrypt certificate R10 I don´t connect. I just received the message "Unable to connect to the network."
I don´t know whats wrong....

2

When you "order" a Certificate from LetsEncrypt, you receive both the Leaf/EndEntity Certificate that covers your domain AND the Intermediate Certificate (such as R3 or R10) that corresponds to the PrivateKey used to sign your certificate.

The intermediate certificates were signed by the Trusted Root. R3 and R10 are intermediate certificates, which are subject to change without notice.

One of these two things likely happened:

  • You changed the Intermediate Certificate when you didn't have to. e.g. your certificate was signed by R3 but you configured the server to use R10 as an intermediate.
  • You did not change the Intermediate Certificate when you had to. e.g. your Certificate was signed by R10 but you did not update the server's configuration for the intermediate and are still serving the R3.
4 Likes
3

Do you mean like, client authentication? E.g., you get a certificate from Let's Encrypt for every user and distribute that client cert to users so they can authenticate with your RADIUS server?

If so, you shouldn't use R3. Frankly, I don't think you should use Let's Encrypt for that entirely, but use a private CA you've set up yourself.

If the above is not applicable at all, please explain your situation in more detail.

4 Likes
4

Hello, Osiris, in the past I used internal certificates, but, mobile Phones Motorola don´t acept these certificates, so, I need to use a valid public certificate...And with R3 certificate the mobile phone Motorola was working normal(Logged in the WiFi).

5

What do you mean by "with R3"? You mean back in 2024 when Let's Encrypt still issued certs using R3?

Even if Motorola phones wouldn't accept those certs, I still don't think you should use Let's Encrypt for client authentication. Maybe you simply had to supply the issuing cert/root from your private CA in combination with the user cert :man_shrugging:t2: Should be possible.

2 Likes
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.