certificates in FR 2.0.1 on windows doesnt works

orion meshkruaj at gmail.com
Fri Jan 25 21:13:07 CET 2008


im using standart windows mmc.

after import of the CA and Server certificates
the server certificate links to the ca certificate ok

CA certificate
    |- server certificate

but when i import the client.p12 certificate the linkage is

CA certificate
    |- server certificate
            |- client certificate

in that moment the server part tells ( it not allow to issue certificate for
others).

So the server certifiace is not allowed to issue certificate ( in this case
to issue the certificate for the server. ).

1)Its necessary to import the server certificate + ca certificate + client
certificate ?
2)or only ca certificate + client certificate ?

the second case the linkage between the ca and client doesnt exist ( as you
said "is the server the issuer of the client`s certificate" ).


On 25/01/2008, Alan DeKok <aland at deployingradius.com> wrote:
>
> orion wrote:
> > the import of client.p12 is ok but it doesnt have a valid link
> > it is ca->server->client
>
>   What does that mean?
>
> > and the details of the server certificate tells that "is not authorized
> > to issue certificates" .
>
>   Where does it say that?  Which certificate tool are you using to look
> at the certificates?
>
> > the client certificates tells that is issued by the server not by the
> ca.
>
>   Yes, that is supposed to happen.
>
> > the question is :
> > the client certificate should be issued by the server or by the ca?
>
>   Server.
>
> > in fact after modified the Makefile and client.cnf and re-importing them
> > in xp
> > then the linkage is ok.  ( ca->client )
>
>   That's not how it's supposed to work.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080125/b658b274/attachment.html>


More information about the Freeradius-Users mailing list