One thing to be mindful of with InstantSSL is that they might be using a chained root cert. i.e. GlobalCorp has the CA, signs InstantSSL root as suitable for signing. InstantSSL signs your cert. This is not usually a problem for software like Apache httpd, but can cause problems with less flexible server software. 1. I do not know if InstantSSL is doing this (although I vaguely remember them as providing a certificate like this to someone I know) 2. I do not know if FreeRADIUS will have problems using the chained certificate. Cheers, Ben On 12/4/05, Laker Netman <laker_netman@yahoo.com> wrote:
Yes, it's PEAP over wifi with XP supplicants. I will query the CA as to whether that oid is included.
Regards, Laker
--- Ben Thompson <bt4@york.ac.uk> wrote:
On Fri, 2005-12-02 at 10:03 -0800, Laker Netman wrote:
I am considering use of a CA-signed SSL certificate. Comodo (instantssl.com) offers an "Intranet SSL" certificate good on a single, internal host. All of their documentation refers to set up with a web server or for email verification. Would it also work with FR?
Are you doing PEAP on a wireless network with Windows clients?
If so, you need to check that the certificate includes the server authentication oid 1.3.6.1.5.5.7.3.1 in the enhanced usage section.
Cheers
Ben
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________ Yahoo! DSL – Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html