Help with 802.1x Certificate

Carl Peterson cpeterson at portnetworks.com
Fri Sep 14 17:37:56 CEST 2012 

You have three possible issues.

1). You need to chain all of the certs into one file.

2). MS requires that the cert have a "special purpose".  This is documented
and needs to be included in the CSR.  BS, but that's MS for you.

3). MS might not like wild cards.  Not sure about this but it may be an
issue.  Easy enough to test.  If 1 and 2 don't work, try with a
non-wildcard cert +1 and 2.  Post your results so we can all learn from it.

Carl Peterson



On Sep 14, 2012, at 10:44 AM, Tyller D <tyllerd at gmail.com> wrote:



On Fri, Sep 14, 2012 at 4:07 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Tyller D wrote:
> > I have everything configured and working when I disabled "validate
> > server Certificate" on windows.
> > I have a wildcard certificate purchased from godaddy.com.
>
>   I'm not sure that will work.
>

Is there a reason for that? Godaddy is in the list of servers to validate
against?



>  > I had a problem when using it with apache as I had to add the
> > intermediate chain in the config but can't find a place to do that in
> > FreeRaius.
>
>   You should have the CA cert, and all of the certs leading to the
> server certificate.
>

Correct, I do. But which one do add as "certificate_file" in eap.conf?


>
> > When Auth fails because of validation then I get this in Freeradius debug
>
>   So... did you read eap.conf, and configure the certificates as
> documented there?
>
>
Are you referring to this?

  - Windows requires the root certificates to be on the client PC.
    If it doesn't have them, you will see the same issue as above.

I'm just guessing but it seems like that would be the cause.



> > Is there something that I can do to get this to work?
>
>   Read the documentation?
>

My question is, all the certificates leading to the  server certifcate -
where do I add them?

>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120914/0964128d/attachment.html>

More information about the Freeradius-Users mailing list