im using standart windows mmc. after import of the CA and Server certificates the server certificate links to the ca certificate ok CA certificate |- server certificate but when i import the client.p12 certificate the linkage is CA certificate |- server certificate |- client certificate in that moment the server part tells ( it not allow to issue certificate for others). So the server certifiace is not allowed to issue certificate ( in this case to issue the certificate for the server. ). 1)Its necessary to import the server certificate + ca certificate + client certificate ? 2)or only ca certificate + client certificate ? the second case the linkage between the ca and client doesnt exist ( as you said "is the server the issuer of the client`s certificate" ). On 25/01/2008, Alan DeKok <aland@deployingradius.com> wrote:
orion wrote:
the import of client.p12 is ok but it doesnt have a valid link it is ca->server->client
What does that mean?
and the details of the server certificate tells that "is not authorized to issue certificates" .
Where does it say that? Which certificate tool are you using to look at the certificates?
the client certificates tells that is issued by the server not by the ca.
Yes, that is supposed to happen.
the question is : the client certificate should be issued by the server or by the ca?
Server.
in fact after modified the Makefile and client.cnf and re-importing them in xp then the linkage is ok. ( ca->client )
That's not how it's supposed to work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html