On Thu, 2008-12-11 at 01:49 +0100, [EMAIL PROTECTED] wrote: > >I only re-generated the 'client' certificate but in doing a diff, it > >appears that every level of cert generation has changed...do I have to > >start over? > > > > You should. Original Makefile was creating ca certificate that was valid > only for 30 days. This one will use value from ca.cnf. > > >Windows is still complaining with new client certificate and yes, system > >is XP Service Pack 3 so it's pretty much up-to-date > > > > Then you haven't got the (correct) ca.der certificate in your trusted > root certificate store. ---- I was afraid you were gonna say that...
I am honing by BOFH chops...each time I make new certs, I chase the iPhone users through their setup to accept the new cert. ;-) Though I was pretty certain that the certs I was making through my own scripts were right, I thought if I used the cert creation scripts from freeradius, things would just work... OK - I'll look at the cnf options because it would be nice to have more than 30 days anyway Thanks Craig - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
