Configuring ssl-admin to include windows OIDs in the server cert
Hi, I've used the ssl-admin tool to generate a certificate authority certificate, a server certificate and multiple client certificates - all used to setup a FreeRadius EAP-TLS WPA2 Enterprise secured wireless network. Android devices connect to the network without any problems, but windows devices connections requests never even get passed to the freeradius daemon. After looking around on the internet as well as asking some questions on this list, I understand I have to embed the XP Extensions OIDs into the server certificate (something I have to do when actually creating the server certificate). I've found information on how to do this using the openssl command, but as i'm using the ssl-admin tool to handle certificate creation, I need to make it do the same. Has anyone had any experience in doing this? Regards, Jazz
Jasvinder S. Bahra wrote:
Android devices connect to the network without any problems, but windows devices connections requests never even get passed to the freeradius daemon. After looking around on the internet as well as asking some questions on this list, I understand I have to embed the XP Extensions OIDs into the server certificate (something I have to do when actually creating the server certificate).
Yes, Windows requires that.
I've found information on how to do this using the openssl command,
i.e. the scripts and examples that come with the server? In raddb/certs? With a README file?
but as i'm using the ssl-admin tool to handle certificate creation, I need to make it do the same.
Has anyone had any experience in doing this?
Ask the ssl-admin people how their tool works. The scripts that ship with th eserver *work*. I suggest using them. Alan DeKok.
participants (2)
-
Alan DeKok -
Jasvinder S. Bahra