Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91

Update X509 description for CA certificate (#43122)

Browse source 
I learned that it doesn't matter if the client certificate is signed by
a root CA certificate specified under `Certificates[0].X509` when `Type`
is `Authority`.

In the case of `customer-pingali`, they have a client certificate signed
by a different CA, which confused their IT team. They initially used the
root CA that signed the client certificate and assumed that the same
certificate also signed the server certificate.
This commit is contained in:
Marko Lisica 2026-04-07 20:54:31 +02:00 committed by GitHub
parent 4b53b51d72
commit f7293042b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
articles/configure-eap-tls-wifi-android.md
View file

@ -62,7 +62,7 @@ Follow the steps below to connect your Android hosts to enterprise Wi-Fi:
| `Identity` | Usually the user's email. |
| `DomainSuffixMatch` | Domain suffix used to verify the RADIUS server's identity. The host checks that the server certificate's SAN DNS name (or CN if no SAN is present) ends with this suffix. |
| `ClientCertKeyPairAlias` | Name of the certificate you added in Fleet under **Controls > OS settings > Certificates**. |
| `X509` | Base64-encoded content of the root CA certificate that signed both server and client certificates. Exclude header and footer (`-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`). |
| `X509` | Base64-encoded content of the root CA certificate that signed the server certificate. Exclude header and footer (`-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`). |
## See status