Sergio wrote:
For the other side, i don't know anything about WiMAX, but i suposse
that credentials are the same. Hope this helps
______________________________________________________________________
I do. WiMAX certs (the ones uses in EAP-TLS and EAP-TTLS sessions over
the airlink to identify the device and AAA server) are required to use
sha256withRSAEncryption and should use 2048 bit RSA but may use 1024 bit
RSA if the notAfter date doesn't go past 2010. The root and subordinate
certs for the server and device hierarchies from the WiMAX PKI do use
sha256withRSAEncryption and 2048 bit RSA as do all the certs signed by
the WiMAX CA. The WiMAX CA uses vanilla OpenSSL.
I can confirm that people have got these WiMAX compliant certs
authenticating with FreeRADIUS in a WiMAX network.
Things to look out for.. Run it on a 64 bit OS. E.G. it has worked on 64
bit fedora. The dates of the root and sub certs hit the 2038 problem, so
64 bit is required for chain validation to work. Use the most current
FreeRADIUS and OpenSSL packages that has support for the signature
algorithms. Make sure you have the proper chain certs installed. If you
are a WiMAX member, the certs are there on the WiMAX Forum web site with
various documents including handy overview document that describes what
chain certs to put where.
Don't confuse these certs with the 802.16 authorization certs for fixed
operation. These have a different profile that is in the 802.16 spec,
don't go over EAP and use a different CA that I have nothing to do with.
David Johnston
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
