purpose of xp extensions
aland at deployingradius.com
Thu Jun 28 18:19:29 CEST 2018
On Jun 28, 2018, at 11:48 AM, d tbsky <tbskyd at gmail.com> wrote:
> 2. is xp extensions only useful if we want client to verify server certificate?
The extensions show the allowed uses of the server / client certificates.
> 3. if we use certificate like let's encrypt without xp extensions.
> what function do we miss?
Among other things, newer versions of OpenSSL will refuse to do client certificates if the server doesn't have the correct extensions.
> I know it is not very secure to use public
> CA, but it seems easier when deal with mobile devices bring by users.
> they just want to access wifi with their active directory
That generally doesn't work. Some systems prompt the user to accept the certs. Others don't, and silently fail.
More information about the Freeradius-Users