more on server certificates

Phil Mayers p.mayers at
Sat Aug 27 14:07:15 CEST 2005

Ben Thompson wrote:
> Hi
> Has anybody got a digital certificate (with the extended key usage
> attributes required for PEAP) installed on their FreeRADIUS box that has
> been signed by a commercial trusted CA? 
> I have come to suspect that this is impossible due to the fact that
> Verisign are the only company marketing such a product and it can only
> be installed on a Windows server (as the online purchase system only
> works if done from the target machine using Internet Explorer and
> Xenroll).

Not really a freeradius issue, but you could maybe enable the various 
certificate store export options before doing the purchase, then export 
it. You'd need to (re)name the box you purchased from appropriately, but 
only for the duration of the purchase.

Though I can understand you wanting a pre-trusted cert, we didn't find 
it particularly onerous to distribute a self-signed one.

I am surprised no-one else is offering that EKU oid. Have you tried 
speaking to someone technically knowledgeable at one of the other CAs - 
it may be something they can do as a specific request, even if it's not 
a default option.

More information about the Freeradius-Users mailing list