Alan DeKok wrote:
Meyers, Dan wrote:
I was having this exact same problem for a significant period of time when I bought a new Verisign cert for our servers which was chained (the old one being directly root signed, which Verisign no longer do). It would appear to be a bug/security patch in XP sometime after SP2 that causes this.
Ouch. That is evil.
I've updated raddb/certs/README with various rants about this.
Alan DeKok.
Might be usefull to add that the certificates we use (bought from www.geotrust.com via opensrs) are directly root signed. (Our web server certificates anyway - I assume the certificates freeradius uses are the same kind) Unsure whether you feel comfortable "advertising" anyone, but people might want to know where to get a "directly signed" certificate. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782