Got the requested openssl output via pm. PKIX extendedKeyUsage is set OK. Additionally Netscape Cert Type is set accordingly to EKU.
But: It is a wildcard certificate. And the SubjectDN contained among commonly used RDNs (like C, ST, L, O, OU and CN) a view RDNs that are rarely used in certificates like OIDs 2.5.4.17, 2.5.4.9 and 2.5.4.9 which are X.500 attributs (<http://www.faqs.org/rfcs/rfc2256.html>, <http://www.alvestrand.no/objectid/2.5.4.html>). I have not a clue if Windows built-in EAP-TLS or PEAP supplicant has problems with these. Anyway, these "oddities" raised my suspicion. Can anybody confirm that RADIUS-Server certs with these rarely used OIDs in the sDN and/or a wildcard CN is working with Windows build-in PEAP/EAP-TLS? Alan DeKok wrote: > Phil Brown wrote: >> Can any one recommend a signed certificate provider whose certificates work >> with the >> Microsoft 802.1x client. I currently have a system that works fine with a >> self signed certificate >> but fails to work with a Digicert signed certificate, so we are looking to >> purchase a certificate >> that will work. > > OpenSSL creates usable certificates. I would suggest calling > Digicert, and telling them the certificate you paid for is useless. -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html