client certs
Andrew Hood
freeradius at andyhood.net
Thu Dec 11 13:02:45 CET 2008
tnt at kalik.net wrote:
> Try attached Makefile. It has been altered so client certificates are
> signed by the ca and not server certificate. I was unable to
> "persuade" up-to-date Windows PCs to accept server certificate as an
> Intermediate CA. Changing the issuer resolved the problem.
Shouldn't that be:
$ diff Makefile.20081211 Makefile
92c92
< openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr
-key $(PASSWORD_SERVER) -out client.crt -extensions xpclient_ext
-extfile xpextensions -config ./client.cnf
---
> openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr
-key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile
xpextensions -config ./client.cnf
--
REALITY.SYS not found: Universe halted.
More information about the Freeradius-Users
mailing list