purpose of xp extensions

Alan DeKok aland at deployingradius.com
Thu Jun 28 18:19:29 CEST 2018

On Jun 28, 2018, at 11:48 AM, d tbsky <tbskyd at gmail.com> wrote:
> 2. is xp extensions only useful if we want client to verify server certificate?

  The extensions show the allowed uses of the server / client certificates.

> 3. if we use certificate like let's encrypt without xp extensions.
> what function do we miss?

  Among other things, newer versions of OpenSSL will refuse to do client certificates if the server doesn't have the correct extensions.

> I know it is not very secure to use public
> CA, but it seems easier when deal with mobile devices bring by users.
> they just want to access wifi with their active directory
> username/password.

  That generally doesn't work.  Some systems prompt the user to accept the certs.  Others don't, and silently fail.

  Alan DeKok.

More information about the Freeradius-Users mailing list