im using standart windows mmc.

after import of the CA and Server certificates
the server certificate links to the ca certificate ok

CA certificate
    |- server certificate

but when i import the client.p12 certificate the linkage is

CA certificate
    |- server certificate
            |- client certificate

in that moment the server part tells ( it not allow to issue certificate for others).

So the server certifiace is not allowed to issue certificate ( in this case to issue the certificate for the server. ).

1)Its necessary to import the server certificate + ca certificate + client certificate ?
2)or only ca certificate + client certificate ?

the second case the linkage between the ca and client doesnt exist ( as you said "is the server the issuer of the client`s certificate" ).


On 25/01/2008, Alan DeKok <aland@deployingradius.com> wrote:
orion wrote:
> the import of client.p12 is ok but it doesnt have a valid link
> it is ca->server->client

  What does that mean?

> and the details of the server certificate tells that "is not authorized
> to issue certificates" .

  Where does it say that?  Which certificate tool are you using to look
at the certificates?

> the client certificates tells that is issued by the server not by the ca.

  Yes, that is supposed to happen.

> the question is :
> the client certificate should be issued by the server or by the ca?

  Server.

> in fact after modified the Makefile and client.cnf and re-importing them
> in xp
> then the linkage is ok.  ( ca->client )

  That's not how it's supposed to work.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html