Hi all I'm running FreeRadius 0.8.1 and OpenSSL 0.9.7b on FreeBSD 4.8-current. I've followed the directions for setting up EAP-TLS by Raymon McKay. I tried using both the OpenSSL beta linked to from Raymond's page, as well as the OpenSSL 0.9.7b in the FreeBSD ports collection. I get the impression, though, that the WinXP extension OIDs are not being included in the certs. I have several reasons for suspecting this:
- If I view the cert details on WinXP, I don't see the special use listed - -If I use OpenSSL -text, I don't see the OIDs mentioned in the cert descriptions - Server authentication doesn't work; I have to disable it to get a working connection from XP - My Pocket PC does not recognize the OpenSSL client certs (although that may be unrelated) - If I install my work networks root CA cert (generated on a Windows CA), I can successfully complete an authentication of my Pocket PC on the FreeRadius side, but one again, server authentication fails on the Pocket PC. I don't see any errors when I generate the certs, and my process and cert generation scripts (and xpextensions file) are exactly as described by McKay (I cut and paste the scripts). Has anyone got the server certs to work for Windows or Pocket PC clients? What might be the problem? TIA Gram P.S. I have a very crude Pocket PC program I wrote to dump out all the certs on my Pocket PC, in order to use my work certs in the home environment for client-side auth; if anyone wants a copy let me know. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
