AW: Noone anny idea fot --> TLS Athentifikation before Domain, Logon XP?

Armin Krämer Kraemer.Armin at web.de
Fri Jan 6 22:15:13 CET 2006


Okay, i tested on and found an difference. I attach 2 Files. One is the
output with an normal Client-Certificate the other with an Certifikate with
the OID 1.3.6.1.4.1.311.17.2.

In both cases the Certifikate is rejected with Error in Certifikate A. 

The Client Certifikate ist tested as Client-Certifikate and works when
installed as an normal Account Certifikate. 

Sems like the mistake is at the Certifikate itself??? When i generated the
Special Machine Certifikate i changed out the normal OID against the other
one described above. Or may i have to add OID as a second OID to the
certifikate?
Thanks for helping.

:-)
 

-----Ursprüngliche Nachricht-----
Von: j.cluzel at online.fr [mailto:j.cluzel at online.fr] 
Gesendet: Freitag, 6. Januar 2006 21:11
An: Kraemer.Armin at web.de
Betreff: Re: Noone anny idea fot --> TLS Athentifikation before Domain,
Logon XP?

Hello,

- login as local administrateur
- start mmc.exe
- add certificate / computer account / local computer (note sure for names,
my XP is french, so I translate)
- Then, in the tree, select root certification autority/Certificates
- Right click, All tasks/Import
- select your "root.der"
- Then, in the tree, select Personnal/Certificates
- Right click, All tasks/Import
- select your "machine.p12"
- enter your "private key"
- close mmc
- set AuthMode to "2" in registry
- in computer panel/Network connection/wireless connection
- tab "Association" WPA & TKIP
- tab "Auth" check "Authenticate as computer..."
- tab "Auth"/Properties check "Validate serveur certificate" and select your
certificate in the list, !!! Be aware, in "property", you add to check
"Connexion to these servers", but let it uncheck for testing
- Pray... ;-)

Hope it helps.
FYI, it works for me.

Regards,

Jeremy







More information about the Freeradius-Users mailing list