Phil, can you look at the certs I provided?
Gabriel
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/EAP-TLS-Windows-7-Problem-with-chain-certificate-on-the-client-side-tp5664334p5675205.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List
I think I found a reason. In the root and sub CA certificates there was
*Extended Key Usage* set to OCSP Signing what limited using of any user
certificate issued by those CAs to OCSP Signing purpose.
/
4.2.1.12. Extended Key Usage
This extension indicates one or more purposes for which the
Attached you can find Sub2_CA chain and end user certificate issued by Sub2
CA.
jinx
#
End user certificate:
#
Bag Attributes
localKeyID: B8 D0 2D C0 14 F7 6B 88 15 8A 9E FA C4 F8 4E A5
Hi all,
My PKI infrastructure is hierarchical, meaning that client certificate path
looks like below:
ROOT_CA-Sub1_CA-Sub2_CA-Client_Cert
Client_Cert Sub2_CA purposes are set correctly.
After I import client certificate (client.p12) into the Windows Cert Store
the following events occur:
-Root
As I mentioned before CA_file in the eap.conf is set to
${cadir}/Sub2_CA_*entire_chain*.pem
Is there any difference between concatenated CA file and certificate chain?
Gabriel
--
View this message in context:
Ok, to be sure that we understand each other...
My Sub2_CA_entire_chain.pem looks like this:
-BEGIN CERTIFICATE-
XX
-END CERTIFICATE-
-BEGIN CERTIFICATE-
Y
-END CERTIFICATE-
-BEGIN CERTIFICATE-
freeradius: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on
Feb 2 2012 at 15:38:19
OpenSSL 0.9.8o 01 Jun 2010
I wouldn't like to share our private production certificates but if you
really need it to help us I will set up a mirror testing PKI environment and
send you all
7 matches
Mail list logo