orion wrote:
but when i import the client.p12 certificate the linkage is
CA certificate |- server certificate |- client certificate
in that moment the server part tells ( it not allow to issue certificate for others).
There's no reason why the intermediate certificate can't issue a client certificate. And yes, you already said it complained about that. There's no reason to re-post a summary of that message. You were asked to post *specific* information.
So the server certifiace is not allowed to issue certificate ( in this case to issue the certificate for the server. ).
Nonsense.
1)Its necessary to import the server certificate + ca certificate + client certificate ? 2)or only ca certificate + client certificate ?
the second case the linkage between the ca and client doesnt exist ( as you said "is the server the issuer of the client`s certificate" ).
A direct linkage doesn't exist, and doesn't need to exist. Windows has *zero* problems using such a client certificate for EAP-TLS. If you see an error message, then either the software you're using is broken, or you didn't understand the message it's producing. Alan DeKok.