i.e. GlobalCorp has the CA, signs InstantSSL root as suitable for signing. InstantSSL signs your cert.
This is not usually a problem for software like Apache httpd, but can cause problems with less flexible server software.
1. I do not know if InstantSSL is doing this (although I vaguely remember them as providing a certificate like this to someone I know)
2. I do not know if FreeRADIUS will have problems using the chained certificate.
Cheers,
Ben
On 12/4/05, Laker Netman <[EMAIL PROTECTED]> wrote:
Yes, it's PEAP over wifi with XP supplicants. I will
query the CA as to whether that oid is included.
Regards,
Laker
--- Ben Thompson <[EMAIL PROTECTED]> wrote:
> On Fri, 2005-12-02 at 10:03 -0800, Laker Netman
> wrote:
> > I am considering use of a CA-signed SSL
> certificate.
> > Comodo (instantssl.com) offers an "Intranet SSL"
> > certificate good on a single, internal host. All
> of
> > their documentation refers to set up with a web
> server
> > or for email verification. Would it also work with
> FR?
>
> Are you doing PEAP on a wireless network with
> Windows clients?
>
> If so, you need to check that the certificate
> includes the
> server authentication oid 1.3.6.1.5.5.7.3.1 in the
> enhanced usage
> section.
>
> Cheers
>
> Ben
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
__________________________________________
Yahoo! DSL – Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
