Re : PEAP certificates, signing requirements and examples

Tue, 10 Jul 2007 02:44:46 -0700 

I have read and used the make_cert_command = "${certdir}/bootstrap"; its 
excellent tool but it only creates 
 clientAuth and serverAuth and does not add PEAP which ofcourse one can add by 
himself.  Eventhough freeradius will authenticate some supplicants will require 
users to first time save the cert. Windows supplicants the oids :  xpclient_ext 
and xpserver_ext  and on MAC supplicants ? ; it usually pops up message "the 
server certificate is not trusted because there no explicit trust settings" - 
this seem to require the setting of eap oid. The question is what is the 
difference between web server and radius server certificates with respect to 
ssl and wireless in the context of EAP, PEAP. Does it matter if the cn is the 
SSID of the wireless network for radius server auth and server domain name for 
webserver auth?

[ PEAP ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

[
 clientAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ serverAuth ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
 
================================================== 
Benjamin K. Eshun

----- Message d'origine ----
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list <[email protected]>
Envoyé le : Lundi, 9 Juillet 2007, 18h12mn 28s
Objet : Re: PEAP certificates, signing requirements and examples

Eshun Benjamin wrote:
> Hi All,
> I came across this infomation and tought it would be nice to drop it
> here. Eventhough it is ssl issue it has to do with PEAP. Just to
> discuss; any comments.

  This is documented in eap.conf, among other places.  It's on the Wiki,
in the script files that create the test certificates for the server, etc.

  In 2.0, a brand-new install of the server will automatically create
test certificates with the right OID's for Windows.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html








      
_____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to