Jeffrey Hutzelman wrote on 04.02.2008 00:43: > --On Thursday, January 31, 2008 05:42:50 PM +0100 "Reimer Karlsen-Masur, > DFN-CERT" <[EMAIL PROTECTED]> wrote: > >> If the "Microsoft Smartcard Logon" extendedKeyUsage *is part* of your >> client certificates they might not work with Windows build-in supplicant. > > This is not surprising, if that is the only EKU in the cert.
I was talking about a set of EKUs like MS Smartcard Logon in combination with clientAuth and eg. e-mail protection...even if I did not state that clearly enough. Windows does not like to use EE-certs containing EKUs clientAuth and MS Smartcard Logon for EAP-TLS with its build-in supplicant. -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstr. 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html