I'm trying to set up a WPA2-enterprise network using eap-tls. I use openssl to create the self-signed root CA, the server certificate for the radius server, and all of the client certificates. After importing the root CA and client certificate to a windows machine, I see that the "intended purpose" of my root CA is "<All>." As a security measure, is it possible to limit the purpose of the root CA to client authentication only, and if so how does one do that? Other certs in the "trusted root ca" section have client authentication listed as their purpose, so I assume I just don't know how to specify that when creating the CA.
Also: Can someone respond with just a "Hi Travis" so I can verify that my messages are making it to the list? Thanks, Travis Dimmig Software Development Specialist Impulse Point www.impulse.com<http://www.impulse.com>
