Stefan Puch wrote on 01.02.2008 09:57:
@Reimer Karlsen-Masur
If the "Microsoft Smartcard Logon" extendedKeyUsage *is part* of your client certificates you could work around this by disabling the trust setting of valid certificate usage "Microsoft Smartcard Logon" in the CAs properties in Windows build-in certificate store on the PDA. As the "Microsoft Smartcard Logon" extendedKeyUsage *is NOT part* of the client certificates there should be no problem. Something different seems to be not correct.
Did you get a PDA using Windows Mobile working with EAP-TLS with Windows build-in supplicant and freeradius?
I am afraid, we do not have a Win Mob PDA to test things available. Problems with the non-repudiation keyUsage occured with a SymbianOS based PDA. -- Beste Gruesse / Kind Regards Reimer Karlsen-Masur DFN-PKI FAQ: https://www.pki.dfn.de/faqpki 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ -- Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615 DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstr. 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski