Ben Thompson wrote:
Hi
Has anybody got a digital certificate (with the extended key usage attributes required for PEAP) installed on their FreeRADIUS box that has been signed by a commercial trusted CA?
I have come to suspect that this is impossible due to the fact that Verisign are the only company marketing such a product and it can only be installed on a Windows server (as the online purchase system only works if done from the target machine using Internet Explorer and Xenroll).
Not really a freeradius issue, but you could maybe enable the various certificate store export options before doing the purchase, then export it. You'd need to (re)name the box you purchased from appropriately, but only for the duration of the purchase. Though I can understand you wanting a pre-trusted cert, we didn't find it particularly onerous to distribute a self-signed one. I am surprised no-one else is offering that EKU oid. Have you tried speaking to someone technically knowledgeable at one of the other CAs - it may be something they can do as a specific request, even if it's not a default option.