hello Mike, i have a big problem with this machine certificates for win2000 and xp. to create the CA and certificates i used the openssl tool. in addition i have added the microsoft OIDs in the opnessl.cnf.:
1.3.6.1.4.1.311.20.2=DER:1e:0e:00:4d:00:61:00:63:00:68:00:69:00:6e:00:65 and of course the Subjectaltname with the FQDN. but the client does not send anything. the certificates are stored in the lokal computer storage. it looks like that microsoft do not accept the certificates created with openssl for machine certificates. and now my question. wich tool do you use to create the certificates . or wich OIDs needs the certificate for microsoft compatibility. thanks in advance, jens - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
