On Oct 2, 2015, at 8:58 PM, Jim Seymour <jseymour@LinxNet.com> wrote:
Now I *know* I never had to do that before. In fact: The certs on my existing server expired just a month ago or so and I had to generate new ones... Just double-checked: The FreeRADIUS on current production server is using the same self-signed certs as everything else on that server.
And... how did you create the self-signed certs?
My confusion increases. How is it I've been running everything from MS-Win95 through MS-Win7 on my existing network, using FreeRadius 1.1.1, and plain old self-signed server certs, w/o any special OIDs, all these years? And never installing CA certs (which eventually expire) on all the PCs?
No idea. It's Windows.
Help me to understand, please? Is this a result of some change between 1.1.x and 2.x.x?
No. The OIDs are required by Windows, not by FreeRADIUS.
Is this how you add those OIDs:
No, no, no, and no. I have *zero* clue how people find random third-party web sites from nearly a decade ago, and cannot find the documentation that ships with the server. The method to create certs is documented in raddb/certs/ . It's been there since before that crappy page was written. PLEASE read the documentation that we've written. Pretty much everything else is old, broken, crappy, and lying to you. Alan DeKok.