--- Phil Mayers <p.mayers@imperial.ac.uk> wrote:
openssl x509 -noout -text -in theserver.crt
...will show things like:
X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication
...the latter being the one you're looking for.
As Alan says, it's almost certainly oids, but regardless the problem is not at the FreeRadius side - you should look to the debugging on the cisco switch and/or the windows client ("netsh * set tracing on" and logfiles somewhere under c:\windows)
The output of my server certificate contains: X509v3 Extended Key Usage: TLS Web Server Authentication As you advise, I turned tracing on and found that the SSL handshake was not completed, the client kept sending "Client Hello" packet but got no response from the server. But when looking at Ethereal's dump file, I saw that the server actually sent its certificate in the Access-Challenge packet. I even unchecked "Validate server certificate" in the client setting but still no luck. What am I supposed to do now? I'm gonna be crazy please help. TIA, Thai Duong. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com