Got the requested openssl output via pm. PKIX extendedKeyUsage is set OK. Additionally Netscape Cert Type is set accordingly to EKU. But: It is a wildcard certificate. And the SubjectDN contained among commonly used RDNs (like C, ST, L, O, OU and CN) a view RDNs that are rarely used in certificates like OIDs 2.5.4.17, 2.5.4.9 and 2.5.4.9 which are X.500 attributs (<http://www.faqs.org/rfcs/rfc2256.html>, <http://www.alvestrand.no/objectid/2.5.4.html>). I have not a clue if Windows built-in EAP-TLS or PEAP supplicant has problems with these. Anyway, these "oddities" raised my suspicion. Can anybody confirm that RADIUS-Server certs with these rarely used OIDs in the sDN and/or a wildcard CN is working with Windows build-in PEAP/EAP-TLS? Alan DeKok wrote:
Phil Brown wrote:
Can any one recommend a signed certificate provider whose certificates work with the Microsoft 802.1x client. I currently have a system that works fine with a self signed certificate but fails to work with a Digicert signed certificate, so we are looking to purchase a certificate that will work.
OpenSSL creates usable certificates. I would suggest calling Digicert, and telling them the certificate you paid for is useless.
-- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737