michael at stroeder.com
Mon Mar 30 15:13:54 CEST 2015
Franks Andy (IT Technical Architecture Manager) wrote:
> I was wondering if there is any way I could read a TLS client
> certificate field (probably MS specific) called "Certificate Template
> Information". We have an M$ CA (for now), and one of the strings within
> this field contains the name of the certificate template, which I want
> to check, to make sure that people aren't making up their own cert
> templates and randomly giving wireless access to people in the wrong way
> (I have good reason).
I think your idea is the completely wrong approach for the problem. Make sure
you have your PKI under your control => ensure that "people" cannot make up
their own cert templates.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
More information about the Freeradius-Users