Certificate information

Michael Ströder michael at stroeder.com
Mon Mar 30 15:13:54 CEST 2015


Franks Andy (IT Technical Architecture Manager) wrote:
>    I was wondering if there is any way I could read a TLS client
> certificate field (probably MS specific) called "Certificate Template
> Information". We have an M$ CA (for now), and one of the strings within
> this field contains the name of the certificate template, which I want
> to check, to make sure that people aren't making up their own cert
> templates and randomly giving wireless access to people in the wrong way
> (I have good reason).

I think your idea is the completely wrong approach for the problem. Make sure 
you have your PKI under your control => ensure that "people" cannot make up 
their own cert templates.

Ciao, Michael.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150330/f159cc06/attachment.bin>


More information about the Freeradius-Users mailing list