orion wrote:
> but when i import the client.p12 certificate the linkage is
>
> CA certificate
> |- server certificate
>    |- client certificate
>
> in that moment the server part tells ( it not allow to issue certificate
> for others).

There's no reason why the intermediate certificate can't issue a client certificate. And yes, you already said it complained about that. There's no reason to re-post a summary of that message. You were asked to post *specific* information.

> So the server certificate is not allowed to issue certificate ( in this
> case to issue the certificate for the server. ).

Nonsense.

> 1)Its necessary to import the server certificate + ca certificate +
> client certificate ?
> 2)or only ca certificate + client certificate ?
>
> the second case the linkage between the ca and client doesn't exist ( as
> you said "is the server the issuer of the client's certificate" ).

A direct linkage doesn't exist, and doesn't need to exist. Windows has *zero* problems using such a client certificate for EAP-TLS. If you see an error message, then either the software you're using is broken, or you didn't understand the message it's producing.

Alan DeKok.