I just went through the process last night, and the initial steps you outline are part of the first steps. I used RapidSSL and found it quite straight forward the knowledge base is well laid and answered any questions I had. After the initial submission of the CSR, you have to go through a validation process, once completed you get the cert and have to install it, all documented well. RapidSSL also offers a 30 day trial SSL that may be beneficial in your situation.
Good luck, -Stubbs > Can someone on the list share with me their experience with > certificate signing? I'd like to submit a CSR to a commercial signing > authority such as GoDaddy so that wireless clients can establish a TLS > session with a trusted certificate. Is this as simple as: > openssl genrsa -out radius.key 1024 > openssl req -new -key radius.key -out radius.csr Then submitting the > CSR to the signing authority? > -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Byrd Sent: Tuesday, October 02, 2007 9:42 AM To: [email protected] Subject: FreeRADIUS TLS certificate signing Can someone on the list share with me their experience with certificate signing? I'd like to submit a CSR to a commercial signing authority such as GoDaddy so that wireless clients can establish a TLS session with a trusted certificate. Is this as simple as: openssl genrsa -out radius.key 1024 openssl req -new -key radius.key -out radius.csr Then submitting the CSR to the signing authority? My biggest concern is if the signing authority will add the Enhanced Key Usage parameters necessary to support Windows clients. I think I read that they add it to support SSL web servers, but I haven't been able to find that reference again. Also, in my testing it appears that unlike with web servers, it doesn't really matter what CN you use - since clients aren't resolving DNS at that point, it appears from my testing that they take any cert signed by a trusted signing authority, and don't do the standard check of FQDN == CN. Does that sound right? Thanks in advance, Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
