Let’s get your Smallstep Wi-Fi account configured to use your external RADIUS server Root CA bundle.
That’s totally fine!
Let’s get your Smallstep Wi-Fi account configured to use your external RADIUS server Root CA bundle.
Typically, a server certificate bundle contains both the server certificate itself (eg. the certificate for radius.example.com) and all Intermediate CA certificates leading up to the Root CA. These are usually concatenated together into a single PEM file.
When using your own CA (or a public CA) to issue the RADIUS server certificate, you must upload a PEM file containing one or more Root CA certificates that your RADIUS server certificates are issued by. This might be an internal CA certificate or a publicly-trusted Web PKI CA certificate.
Even if your RADIUS server certificate was issued by a publicly-trusted CA, it will not be inherently trusted by Wi-Fi clients. Instead, all Wi-Fi clients must explicitly trust whatever Root CAs issue RADIUS server certificates. This trust is often established via an MDM profile that contains a known network configuration profile.
To provide Smallstep with your RADIUS Root CA bundle:
- Gather your Root CA bundle
- Go to your Wi-Fi Account Settings and choose Edit
- Under RADIUS Settings, choose Use Custom RADIUS Server.
- Choose External Root
- Upload your PEM-formatted Root CA bundle
- Choose “Save Account” to update your configuration