Okay, i tested on and found an difference. I attach 2 Files. One is the output with an normal Client-Certificate the other with an Certifikate with the OID 1.3.6.1.4.1.311.17.2.
In both cases the Certifikate is rejected with Error in Certifikate A. The Client Certifikate ist tested as Client-Certifikate and works when installed as an normal Account Certifikate. Sems like the mistake is at the Certifikate itself??? When i generated the Special Machine Certifikate i changed out the normal OID against the other one described above. Or may i have to add OID as a second OID to the certifikate? Thanks for helping. :-) -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 6. Januar 2006 21:11 An: [EMAIL PROTECTED] Betreff: Re: Noone anny idea fot --> TLS Athentifikation before Domain, Logon XP? Hello, - login as local administrateur - start mmc.exe - add certificate / computer account / local computer (note sure for names, my XP is french, so I translate) - Then, in the tree, select root certification autority/Certificates - Right click, All tasks/Import - select your "root.der" - Then, in the tree, select Personnal/Certificates - Right click, All tasks/Import - select your "machine.p12" - enter your "private key" - close mmc - set AuthMode to "2" in registry - in computer panel/Network connection/wireless connection - tab "Association" WPA & TKIP - tab "Auth" check "Authenticate as computer..." - tab "Auth"/Properties check "Validate serveur certificate" and select your certificate in the list, !!! Be aware, in "property", you add to check "Connexion to these servers", but let it uncheck for testing - Pray... ;-) Hope it helps. FYI, it works for me. Regards, Jeremy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html