Okay, I accidentally sent the previous post. But I finally got my own certificate working. The lesson was: don't use exactly the same certificate values (State, Common Name etc.) for both certificates. I should have listened to Alan DeKok when he said to type random characters in places other than the passwords. If the Server and Client certificates have the same values, the client certificate will display: "The certificate has a non-valid digital signature". I always thought they had to be the same, not the other way around.

By the way, you don't have to use EKU in Windows 2000 as described in Ken Roser's EAP/TLS how-to. Is it really needed for XP? Now I will make a new one with correct information, but for the Server and Client certificates I'll use a different common name, for example. This was kind of my own fault, but I'll bet someone else might run into the same problem, so it should read somewhere in the EAP/TLS documents. As Artur Hecker said, FreeRADIUS should send the server certificate to the client so that the client could validate the server.

Lastly, great thanks to the developers for making such a masterpiece of software and answering my sometimes trivial questions! I will not torture you with my questions every day from now on because I have a working environment in my hands now. We'll see what happens when you get TTLS working or the 1.0 version comes out ;-)

Truly best regards:
Antti Mattila
